Mobile Communications Systems Development: A Practical Introduction to System Understanding, Implementation and Deployment 9781119778684, 1119778689

Table of contents :
Cover
Title Page
Copyright Page
Contents
About the Author
Preface
Acknowledgments
List of Abbreviations
Chapter 1 Introduction: Career Opportunities in Mobile Communications Networks Space
Part I Network Architectures, Standardization, Protocols, and Functions
Chapter 2 Network Architectures, Standardizations Process
Introduction
2.1 Network Elements and Basic Networks Architectures
2.1.1 GSM (2G) Network Architecture
2.1.2 General Packet Radio Service (GPRS-2.5G) Network Architecture
2.1.3 Universal Mobile Telecommunications System (3G) Network Architecture
2.1.4 LTE (4G) Network Architecture
2.1.5 GSM, UMTS, LTE, and 5G Network Elements: A Comparison
2.1.6 Circuit Switched (CS) vs Packet Switched (PS)
2.2 Mobile Communication Network Domains
2.2.1 AN Domain
2.2.2 Core Network (CN) Domain
2.2.3 Network Domains and Its Elements
2.2.4 Example: End-to-End Mobile Network Information Flow
2.2.5 Example: GSM MO Call
2.3 Mobile Communications Systems Evolutions
2.3.1 Evolutions of Air Interface
2.3.2 Evolutions of 3GPP Networks Architectures
2.4 Mobile Communications Network System Engineering
2.4.1 Mobility Management
2.4.2 Air Interface Management
2.4.3 Subscribers and Services Management
2.4.4 Security Management
2.4.5 Network Maintenance
2.5 Standardizations of Mobile Communications Networks
2.5.1 3rd Generation Partnership Project (3GPP)
2.5.2 3GPP Working Groups
2.5.3 3GPP Technical Specification and Technical Report
2.5.4 Stages of a 3GPP Technical Specification
2.5.5 Release Number of 3GPP Technical Specification
2.5.6 3GPP Technical Specification Numbering Nomenclature
2.5.7 Vocabulary of 3GPP Specifications
2.5.8 Examples in a 3GPP Technical Specification
2.5.9 Standardization of Technical Specifications by 3GPP
2.5.10 Scope of 3GPP Technical Specification (TS)
2.5.11 3GPP TS for General Description of a Protocol Layer
2.5.12 3GPP TS Drafting Rules: Deriving Requirements
2.5.13 Download 3GPP Technical Specifications
2.5.14 3GPP Change Requests
2.5.15 Learnings from 3GPP Meetings TDocs
2.6 3GPP Releases and Its Features
Chapter Summary
Chapter 3 Protocols, Interfaces, and Architectures
Introduction
3.1 Protocol Interface and Its Stack
3.1.1 Physical Interface
3.1.2 Logical Interface
3.1.3 Logical Interfaces’ Names and Their Protocol Stack
3.1.4 Examples of Logical Interface and Its Protocol Layers
3.2 Classifications of Protocol Layers
3.2.1 Control Plane or Signaling Protocols
3.2.2 User Plane Protocols
3.3 Grouping of UMTS, LTE, and 5G Air Interface Protocol Layers
3.3.1 Access Stratum (AS): UMTS UE – UTRAN; LTE UE – E-UTRAN;5G UE - NG-RAN
3.3.2 Non-Access Stratum: UMTS UE – CN, LTE UE – EPC; 5G UE-Core
3.4 Initialization of a Logical Interface
3.5 Protocol Layer Termination
3.6 Protocol Sublayers
3.7 Protocol Conversion
3.8 Working Model of a 3GPP Protocol Layer: Services and Functions
3.9 General Protocol Model Between RAN and CN (UMTS, LTE, 5G)
3.10 Multiple Transport Networks, Protocols, and Physical Layer Interfaces
3.11 How to Identify and Understand Protocol Architectures
3.11.1 Identifying a Logical Interface, Protocol Stack, and Its Layers
3.11.2 Identification of Technical Requirements Using Interface Name
3.12 Protocol Layer Procedures over CN Interfaces
3.12.1 Similar Functions and Procedures over the CN Interfaces
3.12.2 Specific Functions and Procedures over the CN Interfaces
Chapter Summary
Chapter 4 Encoding and Decoding of Messages
Introduction
4.1 Description and Encoding/Decoding of Air Interface Messages
4.1.1 Encoding/Decoding: Air Interface Layer 3 Messages
4.1.2 Encoding/Decoding: LTE and 5G NR Layer 2: RLC Protocol
4.1.3 Encoding/Decoding: LTE and 5G NR Layer 2: MAC Protocol
4.1.4 CSN.1 Encoding/Decoding: GPRS Layer 2 Protocol (RLC/MAC)
4.1.5 ASN.1 Encoding/Decoding: UMTS, LTE, and 5G NR Layer 3 Protocol
4.1.6 Direct/Indirect Encoding Method
4.1.7 Segmented Messages over the Air Interface
4.1.8 Piggybacking a Signaling Message
4.2 Encoding/Decoding of Signaling Messages: RAN and CN
Chapter Summary
Chapter 5 Network Elements: Identities and Its Addressing
Introduction
5.1 Network Elements and Their Identities
5.2 Permanent Identities
5.3 Temporary Identities Assigned by CN
5.3.1 GSM System Temporary Identities
5.3.2 GPRS System Temporary Identities
5.3.3 LTE/EPS System Temporary Identities
5.4 Temporary Identities Assigned by RAN: RNTI
5.5 Usages of Network Identities
5.6 Native and Mapped Network Identities
5.7 LTE UE Application Protocol Identity
Chapter Summary
Chapter 6 Interworking and Interoperations of Mobile Communications Networks
Introduction
6.1 Requirements and Types of Interworking
6.2 Interworking Through Enhanced Network Elements
6.2.1 Interworking for Voice Call Through IMS: VoLTE
6.2.1.1 IP Multimedia Subsystem (IMS)
6.2.1.2 UE Registration and Authentication
6.2.2 Interworking for VoLTE Call Through LTE/EPS: SRVCC
6.2.3 Interworking for Voice Call Through LTE/EPS: CSFB
6.3 Interworking Through Legacy Network Elements
6.4 Interworking Between LTE/EPS and 5G Systems
6.5 Interoperations of Networks: LTE/EPS Roaming
6.5.1 Roaming Through Interoperations of Enhanced Networks Elements
6.5.2 Roaming Through Interoperations of Legacy Networks Elements
6.6 UE Mode of Operation
6.7 Function of E-UTRAN in a VoLTE Call
Chapter Summary
Chapter 7 Load Balancing and Network Sharing
Introduction
7.1 Core Network Elements Load Balancing
7.1.1 Identification of NAS Node: NRI and Its Source
7.1.2 NAS Node Selection Function
7.2 Network Sharing
7.2.1 GSM/GPRS/LTE RAN Sharing Through MOCN Feature
7.2.2 5G NG-RAN Sharing Through MOCN Feature (Release 16)
Chapter Summary
Chapter 8 Packets Encapsulations and Their Routing
Introduction
8.1 User Data Packets Encapsulations
8.1.1 Packets Encapsulations at the CN and RAN
8.1.2 Packet Encapsulations over Air Interface
8.2 IP Packet Routing in Mobile Communications Networks
8.3 IP Header Compression and Decompression
Chapter Summary
Chapter 9 Security Features in Mobile Communications Networks
Introduction
9.1 A Brief on the Security Architecture: Features and Mechanisms
9.2 Security Features and Its Mechanisms
9.3 GSM Security Procedures
9.4 UMTS, LTE, and 5G: AS and NAS Layer Security Procedures
9.5 Security Contexts
9.6 Security Interworking
Chapter Summary
Part II Operations and Maintenances
Chapter 10 Alarms and Faults Managements
Introduction
10.1 Network Elements Alarm and Its Classifications
10.2 Sources of Abnormal Events and Alarms
10.3 Identifying Sources of Alarms from 3GPP TSs
10.3.1 Abnormal Conditions
10.3.2 Protocol Layer Error Handling
10.3.3 Abnormal Conditions Due to Local Errors
10.4 Design and Implementation of an Alarm Management System
10.4.1 Design and Components of an Alarm
10.4.2 Alarm Application Programming Interfaces (APIs)
10.4.3 Alarm Database
10.5 Alarm Due to Protocol Error
10.5.1 Sample Protocol Error Alarm Description
10.6 Alarm Due to Abnormal Conditions
10.6.1 Normal Scenario
10.6.2 Abnormal Scenario
10.6.3 Sample Alarm Description
10.6.4 Sample Alarm Generation
10.6.5 Sample Protocol Error Alarm Generation
10.7 How to Troubleshoot Protocol Error Using the Alarm Data
Chapter Summary
Chapter 11 Performance Measurements and Optimizations of Mobile Communications Networks
Introduction
11.1 Counters for Performance Measurements and Optimizations
11.2 Performance and Optimizations Management System
11.3 Key Performance Indicator (KPI)
11.3.1 What Is a KPI?
11.3.2 KPI Domains
11.3.3 KPI for Signaling or Control Plane
11.3.4 KPI for User or Data Plane
11.3.5 KPI Categories
11.3.6 KPI Evaluation Steps
11.3.7 Troubleshooting and Improving KPI
11.3.8 Components of a KPI Definition
Chapter Summary
Chapter 12 Troubleshooting of Mobile Communications Networks Issues
Introduction
12.1 Air Interface-Related Issues
12.1.1 Drive Test, Data Collection, and Its Analysis
12.2 Debugging Issues with IP-Based Logical Interface
12.2.1 IP Protocol Analyzer
12.2.2 Network/Application Throughput Issue
12.2.3 Switch Port Mirroring
12.3 Conformance Testing Issues
12.3.1 Example: Mobile Device (MS)/User Equipment (UE) Conformance Test
12.3.2 Example: Location Area Update Request
12.4 Interoperability Testing (IOT) Issues
12.5 Interworking Issues
12.6 Importance of Log/Traces and Its Collections
12.7 Steps for Troubleshooting
Chapter Summary
Part III Mobile Communications Systems Development
Chapter 13 Core Software Development Fundamentals
Introduction
13.1 A Brief on Software Development Fundamentals
13.1.1 Requirements Phase
13.1.2 Design
13.1.3 Implementation
13.1.4 Integration and Testing
13.1.5 Operation and Maintenance
13.2 Hardware Platforms: Embedded System, Linux Versus PC
13.2.1 System Development Using Embedded System Board
13.2.2 System Development Using Multicore Hardware Platform
13.2.2.1 What Is a Core?
13.2.2.2 Network Element Development Using Multicore Platform
13.2.2.3 Runtime Choices of Multicore Processor
13.2.2.4 Software Programming Model for Multicore Processor
13.3 Selecting Software Platforms and Features
13.3.1 Selecting Available Data/Logical Structures
13.3.1.1 Advanced Data Structures
13.3.1.2 How Data Structure Affects the Application’s Performance
13.3.2 Selecting an Operating System Services/Facilities
13.3.2.1 Advance Features of Operating System: IPC
13.4 Software Simulators for a Mobile Communications Network
13.5 Software Root Causes and Their Debugging
13.5.1 Incorrect Usages of Software Library System Calls/APIs
13.5.2 Incorrect Usages of System Resources
13.5.3 Bad Software Programming Practices
13.6 Static Code Analysis of Software
13.7 Software Architecture and Software Organization
Example 13.1
13.8 System and Software Requirements Analysis
13.9 Software Quality: Reliability, Scalability, and Availability
13.9.1 Reliability
13.9.2 Scalability
13.9.3 Availability
Chapter Summary
Chapter 14 Protocols, Protocol Stack Developments, and Testing
Introduction
14.1 Components of a 3GPP Protocol TS
14.2 3GPP Protocol Layer Structured Procedure Description
14.3 Protocol Layer Communications
14.3.1 Layer-to-Layer Communication Using Service Primitives
14.3.2 Layer-to-Layer Communication: SAP
14.3.3 Peer-to-Peer Layer Communication: PDU and Service Data Unit (SDU)
14.3.4 Types of PDU
14.3.5 Formats of PDU
14.4 Air Interface Message Format: Signaling Layer 3
14.4.1 A Brief on the Air Interface Layer 3 Protocol Stack
14.4.2 Classification of Layer 3 Messages
14.4.3 Layer 3 Protocol Header: Signaling Message Format
14.4.4 Layer 3 Protocol Header: Protocol Discriminator
14.4.5 Layer 3 Protocol Header: GSM, GPRS Skip Indicator
14.4.6 Layer 3 Protocol Header: GSM, GPRS Transaction Identifier
14.4.7 Layer 3 Protocol Header: LTE/EPS Bearer Identity
14.4.8 Layer 3 Protocol Header: 5GSM PDU Session Identity
14.4.9 Constructing a Layer 3 Message
14.4.10 Security Protected LTE/EPS and 5G NAS Layer MM Messages
14.4.11 Layer 3 Protocol Layer’s Message Dump
14.5 Air Interface Message Format: Layer 2
14.6 RAN – CN Signaling Messages
14.6.1 Protocol Layer Elementary Procedure
14.6.2 Types and Classes of EPs
14.6.3 EPs Code
14.6.4 Criticality of IE
14.6.5 Types of Protocol Errors and Its Handling
14.6.6 Choices of Triggering Message
14.6.7 Message Type
14.6.8 Message Description
14.6.9 Example: LTE/EPS S1 Interface: S1 Setup Procedure
14.7 Modes of Operation of a Protocol Layer
14.8 Example of a Protocol Primitive and PDU Definition
14.9 Example of a Protocol Layer Frame Header Definition
14.10 Examples of System Parameters
14.11 Examples of Protocol Information Elements and Its Identifier
14.12 3GPP Release Specific Changes Implementation
14.13 Examples of Protocol Messages Types
14.14 Protocol Layer Timer Handling
14.15 Protocol Layer Development Using State Machine
14.16 Protocol Layer Development Using Message Passing
14.17 Protocol Layer Data and its Types
14.18 Protocol Layer Control and Configuration
14.19 Protocol Context Information
14.20 Protocol Layer Message Padding
14.21 Device Driver Development
14.22 Guidelines for Protocol Stack/Layer Development
14.23 Software Profiling, Tools and Performance Improvement
14.24 Protocol Stack Testing and Validation
Chapter Summary
Chapter 15 Deriving Requirements Specifications from a TS
Introduction
15.1 3GPP Protocol Layer Procedures
15.1.1 LTE UE Mode of Operation Requirements
15.1.2 LTE UE ATTACH Procedure Requirements
15.1.3 LTE UE DETACH Procedure Requirements
15.1.4 LTE UE Tracking Area Update Procedure Requirements
15.2 3GPP System Feature Development Requirements
15.2.1 Identification of System/Network Elements Interfaces Changes
15.2.2 Identifications of Impacts on Performance
15.2.3 Identifications of Impacts on Feature Management
15.2.4 Identification of Interworking Requirements with Existing Features
15.2.5 Charging and Accounting Aspects
15.3 Example Feature: Radio Access Network Sharing
15.3.1 Effects on Network Elements
15.3.2 Effects on Logical Interfaces
15.3.3 Selection of Core Network Operator: PLMN Id
15.4 Example: Interworking/Interoperations
15.4.1 Circuit-Switched Fall Back (CSFB)
15.4.2 Single Radio Voice Call Continuity (SRVCC)
15.5 3GPP System Feature and High-Level Design
Chapter Summary
Part IV 5G System and Network
Chapter 16 5G Network: Use Cases and Architecture
Introduction
16.1 5G System (5GS) Use Cases
16.1.1 Enablers and Key Principles of 5GS Use Cases
16.1.2 Other Enablers in 5G System
16.2 Support of Legacy Services by 5G System
16.3 5G System Network Architecture
16.3.1 3GPP Access Architecture
16.3.2 Non-3GPP Access Architecture
16.4 5G System NG–RAN/gNB Logical Architecture
16.5 5GC System Architecture Elements
16.6 5G System Deployment Solutions
16.6.1 E–UTRA–NR Dual Connectivity (EN–DC) for NSA Deployment
16.7 5G System and LTE/EPS Interworking
16.7.1 RAN-Level Interworking
16.7.2 Core Network (CN) Level Interworking: N26 Interface
16.7.2.1 Single Registration Mode with N26 Interface
16.7.2.2 Dual Registration Mode: Without N26 Interface
16.8 5G System Native and Mapped Network Identities
16.8.1 Mobility Area Identifiers
16.8.2 UE/Subscriber Permanent Identifiers
16.8.3 Core Network Identifiers
16.8.4 RAN Identifiers
16.8.5 Core Network Temporary Identities
16.9 5G System Network Slicing
16.9.1 Identities for a Network Slice
16.9.2 Impacts of Network Slicing Feature
16.10 Management and Orchestration (MANO) of 5G Network
16.11 5G System Security
16.11.1 UE Authentication Frameworks and Methods
16.11.2 Primary Authentication and Secondary Authentication
16.11.3 Key Hierarchy and Authentication Vector
16.11.4 New Security Requirements in 5G System
16.11.5 Subscriber Identities/Privacy Protection
Chapter Summary
Chapter 17 Introduction to GSM, UMTS, and LTE Systems Air Interface
Introduction
17.1 Air Interfaces Protocol Architectures
17.2 Protocol Sublayers
17.3 Control Plane and User Plane Protocols
17.4 Protocols Domains Classifications
17.5 Access Stratum and Non-access Stratum
17.6 Message Formats
17.7 Security Over the Air Interface
17.8 Piggybacking for Reduction of Signaling Overhead
17.8.1 Examples Piggybacking of Signaling Messages
Chapter Summary
Chapter 18 5G NR Air Interface: Control Plane Protocols
Introduction
18.1 NR Control Plane Protocol Layers
18.2 Session Management (5G SM) Layer
18.2.1 Procedures of 5G SM Layer
18.2.2 PDU Session Types
18.2.3 PDU Session and Service Continuity (SSC)
18.2.4 PDU Sessions for Network Slices
18.2.5 Session Management (SM) Layer States
18.3 Quality of Service (5G QoS)
18.3.1 LTE/EPS QoS Model: EPS Bearer
18.3.2 5GS QoS Model: QoS Flow
18.3.3 GTP-U Plane Tunnel for PDU Session
18.3.4 Service Data Flow and PCC Rule
18.3.5 Binding of Service Data Flow
18.3.6 QoS Profile and QFI
18.3.7 QoS Rule and QRI
18.3.8 Mapping QoS Flow to Data Radio Bearer
18.3.9 Downlink Data Flow Through GTP-U Plane Tunnels
18.4 Mobility Management (5G MM) Layer
18.4.1 Mobility Area Concepts and Identifiers
18.4.2 Requirements of Mobility Management Functions
18.4.3 Functions and Procedures of 5G MM Layer
18.4.4 Mobility Management Layer States
18.4.5 Connection Management (CM) and Service Request
18.4.6 Mobility Pattern of UE
18.5 RRC Layer
18.5.1 Functions and Procedures of RRC Layer
18.5.2 System Information (SI) Broadcast
18.5.3 RRC Layer States
18.5.4 RRC INACTIVE State
18.5.5 Mobility of UE
18.5.5.1 UE Mobility in RRC IDLE State
18.5.5.2 UE Mobility in RRC INACTIVE State
18.5.5.3 UE Mobility in RRC CONNECTED State
18.5.6 Admission Control
Chapter Summary
Chapter 19 5G NR Air Interface: User Plane Protocols
Introduction
19.1 NR User Plane Protocol Layers
19.2 SDAP Layer
19.3 PDCP Layer
19.4 RLC Layer
19.5 MAC Layer
19.5.1 Functions and Procedures
19.5.2 Scheduling Procedure
19.5.3 Random Access Procedure
19.5.4 Error Correction Through HARQ Procedure
19.5.5 Buffer Status Reporting (BSR) Procedure
19.5.6 Scheduling Request (SR) Procedure
19.5.7 Low Latency in the NR Due to Configured Scheduling
19.5.8 MAC Layer PDU and Header Structures
19.5.9 How MAC Layer Ensures Low-Latency Requirements
19.5.10 Channel Structures in NR
19.6 Physical Layer
19.6.1 Principles of Transmissions and Its Directions
19.6.2 Physical Layer Functions, Procedures, and Services
19.6.3 OFDM Symbol
19.6.4 NR Frame and Slot Format
19.6.4.1 Subcarrier Spacing (SCS)/Numerologies (μ)
19.6.4.2 Slots per NR Frame and Subframe
19.6.4.3 Slot Formats in TDD Mode
19.6.4.4 Dynamic TDD
19.6.5 Resource Grid and Resource Block
19.6.5.1 Control Resource Set (CORESET)
19.6.5.2 Common Resource Blocks (CRB)
19.6.5.3 Physical Resource Block (PRB)
19.6.5.4 Virtual Resource Block (VRB)
19.6.5.5 Interleaved and Non-interleaved PRB Allocation
19.6.5.6 PRB Bundling and VRB to PRB Mapping
19.6.5.7 Reference Point “A”
19.6.6 Channel and Transmission Bandwidths
19.6.7 Bandwidth Part (BWP)
19.6.7.1 Types of BWP
19.6.7.2 BWP Configuration
19.6.7.3 BWP Switching and Associated Delay
19.6.8 NR Resource Allocations
19.6.8.1 Frequency Domain Resource Allocation for FDD Transmission
19.6.8.2 Time-Domain Resources Allocation for FDD Transmission
19.6.8.3 Time-Domain Resources Allocation for TDD
19.6.9 Transport Channels and Their Processing Chain
19.6.9.1 CRC Calculation and its Attachment to a Transport Block
19.6.9.2 Code Block Segmentation
19.6.9.3 Channel Encoding with LDPC
19.6.9.4 Rate Matching and Concatenation
19.6.9.5 Multiplexing of UL-SCH Data and Uplink Control Information
19.6.9.6 LDPC Encoding Examples
19.6.10 Physical Channels and Their Processing Chain
19.6.10.1 Physical Channels
19.6.10.2 Channel Mappings
19.6.10.3 Multiple Physical Antenna Transmissions
19.6.10.4 Physical Channel Processing Chain
19.6.10.5 Physical Downlink Control Channel (PDCCH)
19.6.10.6 Physical Uplink Control Channel (PUCCH) and Information (UCI)
19.6.11 Code Block Group-Based Transmissions and Receptions
19.6.12 Physical Signals
19.6.12.1 Reference Signals Transmitted as Part of Physical Channels
19.6.12.2 Sounding Reference Signals
19.6.13 Downlink Synchronization
19.6.14 Millimeter Wave Transmission, Beamforming, and Its Management
19.6.15 Cell-Level Radio Link Monitoring (RLM)
19.6.16 RRM Measurements for UE Mobility
19.6.16.1 RRM Measurement Signals and Their Quantities
19.6.16.2 RRM Measurements Framework
19.6.16.3 Overall RRM Process
19.6.17 Channel State Information (CSI)
19.6.18 Modulation and Coding Schemes (MCSs)
19.6.19 Link Adaptation Procedure
19.6.20 Random Access (RACH) Procedure
19.6.21 NR Radio Resources Management (RRM) Procedure
19.6.22 UE Transmit Power Control
19.6.22.1 Types of Power Control Procedure in NR
19.6.22.2 UE Transmit Power Determination Procedure in NR
19.6.23 Effect of Physical Layer on Data Throughputs
Chapter Summary
Chapter 20 5G Core Network Architecture
Introduction
20.1 Control Plane and User Plane Separation – CUPS
20.1.1 Impacts of CUPS Feature
20.1.2 CUPS in the LTE/EPC Network
20.1.3 CUPS Feature in 5G Core Network
20.2 Service-Based Architecture (SBA)
20.2.1 Network Functions and Its Instances
20.2.2 Network Functions (NFs) and Their Services Interfaces
20.2.3 5G System Architecture with NF
20.2.4 Network Functions and Their Services and Operations
20.2.5 Network Functions Services Framework
20.2.6 Services API for Network Functions
20.2.7 Network Function Selection
20.3 Network Function Virtualization (NFV)
Chapter Summary
Chapter 21 5G System: Low-level Design
Introduction
21.1 Design of 5GC Service Interface and Its Operations
21.2 Design of 5GC NF Service Interface Using UML and C++ Class Diagram
21.3 Usages of C++ Standard Template Library (STL)
21.4 Software Architecture for 5G System
21.4.1 NG-RAN Logical Nodes Software Architecture
21.4.2 5GC Software Architecture
21.5 Data Types Used in 5GC SBI Communications
Chapter Summary
Chapter 22 3GPP Release 16 and Beyond
Introduction
22.1 5GS Enhancements as Part of Release 16
22.2 5GS New Features as Part of Release 16
22.3 3GPP Release 17
Chapter Summary
Test Yourself!
Introductions
A.1 5G Mobile Communications and Systems Concepts
A.2 Software Program Development Exercises
A.2.1 Generic Utility and Re-Useable Software
A.2.2 5G System Protocol Layer Development
References
Index
EULA

Citation preview

Mobile Communications Systems Development A Practical Introduction to System Understanding, Implementation, and Deployment

Rajib Taid

This edition first published 2021 © 2021 John Wiley & Sons Ltd All rights reserved. No part of this publication may be reproduced, stored in a retrieval system, or transmitted, in any form or by any means, electronic, mechanical, photocopying, recording, or otherwise, except as permitted by law. Advice on how to obtain permission to reuse material from this title is available at http://www.wiley.com/go/permissions. The right of Rajib Taid to be identified as the author of this work has been asserted in accordance with law. Registered Offices John Wiley & Sons, Inc., 111 River Street, Hoboken, NJ 07030, USA John Wiley & Sons Ltd, The Atrium, Southern Gate, Chichester, West Sussex, PO19 8SQ, UK Editorial Office The Atrium, Southern Gate, Chichester, West Sussex, PO19 8SQ, UK For details of our global editorial offices, customer services, and more information about Wiley products, visit us at www.wiley.com. Wiley also publishes its books in a variety of electronic formats and by print‐on‐demand. Some content that appears in standard print versions of this book may not be available in other formats. Limit of Liability/Disclaimer of Warranty While the publisher and authors have used their best efforts in preparing this work, they make no representations or warranties with respect to the accuracy or completeness of the contents of this work and specifically disclaim all warranties, including without limitation any implied warranties of merchantability or fitness for a particular purpose. No warranty may be created or extended by sales representatives, written sales materials or promotional statements for this work. The fact that an organization, website, or product is referred to in this work as a citation and/or potential source of further information does not mean that the publisher and authors endorse the information or services the organization, website, or product may provide or recommendations it may make. This work is sold with the understanding that the publisher is not engaged in rendering professional services. The advice and strategies contained herein may not be suitable for your situation. You should consult with a specialist where appropriate. Further, readers should be aware that websites listed in this work may have changed or disappeared between when this work was written and when it is read. Neither the publisher nor authors shall be liable for any loss of profit or any other commercial damages, including but not limited to special, incidental, consequential, or other damages. Library of Congress Cataloging‐in‐Publication Data applied for ISBN 9781119778684 (Hardback) Cover Design: Wiley Cover Image: © Metamorworks/Shutterstock, Cnythzl/iStock/Getty Images Set in 9.5/12.5pt STIXTwoText by SPi Global, Pondicherry, India All the opinions, except the granted copyrighted materials being used, expressed in this book are author’s own, from personal experiences and does not represent either from the past or present employer. Designations used by companies to distinguish their products are often claimed as trademarks. All brand names and product names used in this book are trade names, service marks, trademarks or registered trademarks of their respective owners. The publisher is not associated with any product or vendor mentioned in this book. 10  9  8  7  6  5  4  3  2  1

iii

Contents About the Author  xiv Preface  xv Acknowledgments  xviii List of Abbreviations  xix 1 Introduction  1 Part I  Network Architectures, Standardization, Protocols, and Functions  3 2 2.1 2.1.1 2.1.2 2.1.3 2.1.4 2.1.5 2.1.6 2.2 2.2.1 2.2.2 2.2.3 2.2.4 2.2.5 2.3 2.3.1 2.3.2 2.4 2.4.1 2.4.2 2.4.3 2.4.4 2.4.5 2.5 2.5.1 2.5.2 2.5.3

Network Architectures, Standardizations Process  5 Network Elements and Basic Networks Architectures  5 GSM (2G) Network Architecture  6 General Packet Radio Service (GPRS-2.5G) Network Architecture  7 Universal Mobile Telecommunications System (3G) Network Architecture  7 LTE (4G) Network Architecture  8 GSM, UMTS, LTE, and 5G Network Elements: A Comparison  9 Circuit Switched (CS) vs Packet Switched (PS)  9 ­Mobile Communication Network Domains  10 AN Domain  10 Core Network (CN) Domain  11 Network Domains and Its Elements  11 Example: End-to-End Mobile Network Information Flow  12 Example: GSM MO Call  13 ­Mobile Communications Systems Evolutions  14 Evolutions of Air Interface  14 Evolutions of 3GPP Networks Architectures  16 ­Mobile Communications Network System Engineering  19 Mobility Management  19 Air Interface Management  20 Subscribers and Services Management  20 Security Management  20 Network Maintenance  20 ­Standardizations of Mobile Communications Networks  21 3rd Generation Partnership Project (3GPP)  21 3GPP Working Groups  21 3GPP Technical Specification and Technical Report  22

iv

Contents

2.5.4 2.5.5 2.5.6 2.5.7 2.5.8 2.5.9 2.5.10 2.5.11 2.5.12 2.5.13 2.5.14 2.5.15 2.6

Stages of a 3GPP Technical Specification  22 Release Number of 3GPP Technical Specification  22 3GPP Technical Specification Numbering Nomenclature  23 Vocabulary of 3GPP Specifications  24 Examples in a 3GPP Technical Specification  24 Standardization of Technical Specifications by 3GPP  24 Scope of 3GPP Technical Specification (TS)  24 3GPP TS for General Description of a Protocol Layer  25 3GPP TS Drafting Rules: Deriving Requirements  25 Download 3GPP Technical Specifications  25 3GPP Change Requests  26 Learnings from 3GPP Meetings TDocs  26 ­3GPP Releases and Its Features  26 ­Chapter Summary  27

3 3.1 3.1.1 3.1.2 3.1.3 3.1.4 3.2 3.2.1 3.2.2 3.3 3.3.1 3.3.2 3.4 3.5 3.6 3.7 3.8 3.9 3.10 3.11 3.11.1 3.11.2 3.12 3.12.1 3.12.2

Protocols, Interfaces, and Architectures  29 ­Protocol Interface and Its Stack  29 Physical Interface  30 Logical Interface  30 Logical Interfaces’ Names and Their Protocol Stack  33 Examples of Logical Interface and Its Protocol Layers  35 ­Classifications of Protocol Layers  36 Control Plane or Signaling Protocols  36 User Plane Protocols  38 ­Grouping of UMTS, LTE, and 5G Air Interface Protocol Layers  39 Access Stratum (AS): UMTS UE – UTRAN; LTE UE – E-UTRAN;5G UE - NG-RAN  39 Non-Access Stratum: UMTS UE – CN, LTE UE – EPC; 5G UE-Core  41 ­Initialization of a Logical Interface  42 ­Protocol Layer Termination  43 ­Protocol Sublayers  43 ­Protocol Conversion  44 ­Working Model of a 3GPP Protocol Layer: Services and Functions  45 ­General Protocol Model Between RAN and CN (UMTS, LTE, 5G)  46 ­Multiple Transport Networks, Protocols, and Physical Layer Interfaces  47 ­How to Identify and Understand Protocol Architectures  49 Identifying a Logical Interface, Protocol Stack, and Its Layers  49 Identification of Technical Requirements Using Interface Name  51 ­Protocol Layer Procedures over CN Interfaces  51 Similar Functions and Procedures over the CN Interfaces  52 Specific Functions and Procedures over the CN Interfaces  53 ­Chapter Summary  54

4 4.1 4.1.1 4.1.2 4.1.3 4.1.4 4.1.5

Encoding and Decoding of Messages  55 ­ escription and Encoding/Decoding of Air Interface Messages  55 D Encoding/Decoding: Air Interface Layer 3 Messages  56 Encoding/Decoding: LTE and 5G NR Layer 2: RLC Protocol  60 Encoding/Decoding: LTE and 5G NR Layer 2: MAC Protocol  60 CSN.1 Encoding/Decoding: GPRS Layer 2 Protocol (RLC/MAC)  60 ASN.1 Encoding/Decoding: UMTS, LTE, and 5G NR Layer 3 Protocol  61

Contents

4.1.6 4.1.7 4.1.8 4.2

Direct/Indirect Encoding Method  62 Segmented Messages over the Air Interface  63 Piggybacking a Signaling Message  63 ­Encoding/Decoding of Signaling Messages: RAN and CN  64 ­Chapter Summary  65

5 5.1 5.2 5.3 5.3.1 5.3.2 5.3.3 5.4 5.5 5.6 5.7

Network Elements: Identities and Its Addressing  67 ­ etwork Elements and Their Identities  67 N ­Permanent Identities  68 ­Temporary Identities Assigned by CN  69 GSM System Temporary Identities  69 GPRS System Temporary Identities  69 LTE/EPS System Temporary Identities  70 ­Temporary Identities Assigned by RAN: RNTI  72 ­Usages of Network Identities  73 ­Native and Mapped Network Identities  73 ­LTE UE Application Protocol Identity  75 ­Chapter Summary  76

6 6.1 6.2 6.2.1 6.2.1.1 6.2.1.2 6.2.2 6.2.3 6.3 6.4 6.5 6.5.1 6.5.2 6.6 6.7

Interworking and Interoperations of Mobile Communications Networks  77 ­Requirements and Types of Interworking  77 ­Interworking Through Enhanced Network Elements  78 Interworking for Voice Call Through IMS: VoLTE  79 IP Multimedia Subsystem (IMS)  80 UE Registration and Authentication  81 Interworking for VoLTE Call Through LTE/EPS: SRVCC  83 Interworking for Voice Call Through LTE/EPS: CSFB  85 ­Interworking Through Legacy Network Elements  88 ­Interworking Between LTE/EPS and 5G Systems  89 ­Interoperations of Networks: LTE/EPS Roaming  90 Roaming Through Interoperations of Enhanced Networks Elements  90 Roaming Through Interoperations of Legacy Networks Elements  92 ­UE Mode of Operation  92 ­Function of E-UTRAN in a VoLTE Call  95 ­Chapter Summary  95

7 7.1 7.1.1 7.1.2 7.2 7.2.1 7.2.2

Load Balancing and Network Sharing  97 ­ ore Network Elements Load Balancing  97 C Identification of NAS Node: NRI and Its Source  99 NAS Node Selection Function  99 ­Network Sharing  102 GSM/GPRS/LTE RAN Sharing Through MOCN Feature  103 5G NG‐RAN Sharing Through MOCN Feature (Release 16)  109 ­Chapter Summary  110

8 8.1 8.1.1 8.1.1.1

Packets Encapsulations and Their Routing  111 ­User Data Packets Encapsulations  111 Packets Encapsulations at the CN and RAN  112 GPRS Tunneling Protocol ( GTP)  112

v

vi

Contents

8.1.1.2 8.1.1.3 8.1.1.4 8.1.1.5 8.1.2 8.2 8.3

GTP Functions  112 GTP User Plane PDU: G-PDU  113 GTP Control Plane PDU  114 Example: GTP and Packet Encapsulations at LTE EPC  115 Packet Encapsulations over Air Interface  115 ­IP Packet Routing in Mobile Communications Networks  116 ­IP Header Compression and Decompression  117 ­Chapter Summary  119

9 9.1 9.2 9.3 9.4 9.5 9.6

Security Features in Mobile Communications Networks  121 ­A Brief on the Security Architecture: Features and Mechanisms  121 ­Security Features and Its Mechanisms  123 ­GSM Security Procedures  126 ­UMTS, LTE, and 5G: AS and NAS Layer Security Procedures  127 ­Security Contexts  130 ­Security Interworking  130 ­Chapter Summary  132 Part II  Operations and Maintenances  133

10 10.1 10.2 10.3 10.3.1 10.3.2 10.3.3 10.4 10.4.1 10.4.2 10.4.3 10.5 10.5.1 10.6 10.6.1 10.6.2 10.6.3 10.6.4 10.6.5 10.7

Alarms and Faults Managements  135 ­ etwork Elements Alarm and Its Classifications  135 N ­Sources of Abnormal Events and Alarms  136 ­Identifying Sources of Alarms from 3GPP TSs  136 Abnormal Conditions  136 Protocol Layer Error Handling  137 Abnormal Conditions Due to Local Errors  138 ­Design and Implementation of an Alarm Management System  138 Design and Components of an Alarm  139 Alarm Application Programming Interfaces (APIs)  139 Alarm Database  139 ­Alarm Due to Protocol Error  140 Sample Protocol Error Alarm Description  142 ­Alarm Due to Abnormal Conditions  142 Normal Scenario  143 Abnormal Scenario  143 Sample Alarm Description  144 Sample Alarm Generation  145 Sample Protocol Error Alarm Generation  145 ­How to Troubleshoot Protocol Error Using the Alarm Data  146 ­Chapter Summary  146

11 11.1 11.2 11.3 11.3.1 11.3.2

Performance Measurements and Optimizations of Mobile Communications Networks  147 ­Counters for Performance Measurements and Optimizations  147 ­Performance and Optimizations Management System  149 ­Key Performance Indicator (KPI)  150 What Is a KPI?  150 KPI Domains  150

Contents

11.3.3 11.3.4 11.3.5 11.3.6 11.3.7 11.3.8

KPI for Signaling or Control Plane  152 KPI for User or Data Plane  153 KPI Categories  154 KPI Evaluation Steps  155 Troubleshooting and Improving KPI  156 Components of a KPI Definition  157 ­Chapter Summary  157

12 12.1 12.1.1 12.2 12.2.1 12.2.2 12.2.3 12.3 12.3.1 12.3.2 12.4 12.5 12.6 12.7

Troubleshooting of Mobile Communications Networks Issues  159 ­Air Interface-Related Issues  159 Drive Test, Data Collection, and Its Analysis  160 ­Debugging Issues with IP-Based Logical Interface  160 IP Protocol Analyzer  161 Network/Application Throughput Issue  161 Switch Port Mirroring  161 ­Conformance Testing Issues  162 Example: Mobile Device (MS)/User Equipment (UE) Conformance Test  163 Example: Location Area Update Request  163 ­Interoperability Testing (IOT) Issues  164 ­Interworking Issues  165 ­Importance of Log/Traces and Its Collections  166 ­Steps for Troubleshooting  167 ­Chapter Summary  170



Part III  Mobile Communications Systems Development  171

13 13.1 13.1.1 13.1.2 13.1.3 13.1.4 13.1.5 13.2 13.2.1 13.2.2 13.2.2.1 13.2.2.2 13.2.2.3 13.2.2.4 13.3 13.3.1 13.3.1.1 13.3.1.2 13.3.2 13.3.2.1 13.4 13.5

Core Software Development Fundamentals  173 ­A Brief on Software Development Fundamentals  173 Requirements Phase  174 Design  174 Implementation  175 Integration and Testing  175 Operation and Maintenance  175 Hardware Platforms: Embedded System, Linux Versus PC  176 System Development Using Embedded System Board  176 System Development Using Multicore Hardware Platform  177 What Is a Core?  178 Network Element Development Using Multicore Platform  178 Runtime Choices of Multicore Processor  178 Software Programming Model for Multicore Processor  179 Selecting Software Platforms and Features  179 Selecting Available Data/Logical Structures  180 Advanced Data Structures  180 How Data Structure Affects the Application’s Performance  180 Selecting an Operating System Services/Facilities  181 Advance Features of Operating System: IPC  181 ­Software Simulators for a Mobile Communications Network  184 ­Software Root Causes and Their Debugging  185

vii

viii

Contents

13.5.1 13.5.2 13.5.3 13.6 13.7 13.8 13.9 13.9.1 13.9.2 13.9.3

Incorrect Usages of Software Library System Calls/APIs  185 Incorrect Usages of System Resources  185 Bad Software Programming Practices  185 ­Static Code Analysis of Software  186 ­Software Architecture and Software Organization  186 ­System and Software Requirements Analysis  188 ­Software Quality: Reliability, Scalability, and Availability  188 Reliability  188 Scalability  188 Availability  188 ­Chapter Summary  189

14 14.1 14.2 14.3 14.3.1 14.3.2 14.3.3 14.3.4 14.3.5 14.4 14.4.1 14.4.2 14.4.3 14.4.4 14.4.5 14.4.6 14.4.7 14.4.8 14.4.9 14.4.10 14.4.11 14.5 14.6 14.6.1 14.6.2 14.6.3 14.6.4 14.6.5 14.6.6 14.6.7 14.6.8 14.6.9 14.7 14.8 14.9 14.10 14.11

Protocols, Protocol Stack Developments, and Testing  191 ­Components of a 3GPP Protocol TS  191 ­3GPP Protocol Layer Structured Procedure Description  193 ­Protocol Layer Communications  194 Layer-to-Layer Communication Using Service Primitives  195 Layer-to-Layer Communication: SAP  196 Peer-to-Peer Layer Communication: PDU and Service Data Unit (SDU)  197 Types of PDU  198 Formats of PDU  198 ­Air Interface Message Format: Signaling Layer 3 198 A Brief on the Air Interface Layer 3 Protocol Stack  198 Classification of Layer 3 Messages  199 Layer 3 Protocol Header: Signaling Message Format  200 Layer 3 Protocol Header: Protocol Discriminator  202 Layer 3 Protocol Header: GSM, GPRS Skip Indicator  202 Layer 3 Protocol Header: GSM, GPRS Transaction Identifier  204 Layer 3 Protocol Header: LTE/EPS Bearer Identity  204 Layer 3 Protocol Header: 5GSM PDU Session Identity  204 Constructing a Layer 3 Message  204 Security Protected LTE/EPS and 5G NAS Layer MM Messages  205 Layer 3 Protocol Layer’s Message Dump  207 ­Air Interface Message Format: Layer 2 207 ­RAN – CN Signaling Messages  208 Protocol Layer Elementary Procedure  208 Types and Classes of EPs  210 EPs Code  210 Criticality of IE  211 Types of Protocol Errors and Its Handling  211 Choices of Triggering Message  212 Message Type  212 Message Description  212 Example: LTE/EPS S1 Interface: S1 Setup Procedure  213 ­Modes Operation of a Protocol Layer  213 ­Example of a Protocol Primitive and PDU Definition  215 ­Example of a Protocol Layer Frame Header Definition  216 ­Examples of System Parameters  216 ­Examples of Protocol Information Elements and Its Identifier  217

Contents

14.12 14.13 14.14 14.15 14.16 14.17 14.18 14.19 14.20 14.21 14.22 14.23 14.24

3­ GPP Release Specific Changes Implementation  218 ­Examples of Protocol Messages Types  219 ­Protocol Layer Timer Handling  219 ­Protocol Layer Development Using State Machine  222 ­Protocol Layer Development Using Message Passing  224 ­Protocol Layer Data and its Types  225 ­Protocol Layer Control and Configuration  226 ­Protocol Context Information  227 ­Protocol Layer Message Padding  228 ­Device Driver Development  229 ­Guidelines for Protocol Stack/Layer Development  230 ­Software Profiling, Tools and Performance Improvement  231 ­Protocol Stack Testing and Validation  231 ­Chapter Summary  233

15 15.1 15.1.1 15.1.2 15.1.3 15.1.4 15.2 15.2.1 15.2.2 15.2.3 15.2.4 15.2.5 15.3 15.3.1 15.3.2 15.3.3 15.4 15.4.1 15.4.2 15.5

Deriving Requirements Specifications from a TS  235 ­3GPP Protocol Layer Procedures  235 LTE UE Mode of Operation Requirements  236 LTE UE ATTACH Procedure Requirements  236 LTE UE DETACH Procedure Requirements  237 LTE UE Tracking Area Update Procedure Requirements  237 ­3GPP System Feature Development Requirements  238 Identification of System/Network Elements Interfaces Changes  238 Identifications of Impacts on Performance  238 Identifications of Impacts on Feature Management  239 Identification of Interworking Requirements with Existing Features  239 Charging and Accounting Aspects  239 ­Example Feature: Radio Access Network Sharing  239 Effects on Network Elements  239 Effects on Logical Interfaces  240 Selection of Core Network Operator: PLMN Id  241 ­Example: Interworking/Interoperations  242 Circuit-Switched Fall Back (CSFB)  242 Single Radio Voice Call Continuity (SRVCC)  243 ­3GPP System Feature and High-Level Design  244 ­Chapter Summary  245 Part IV  5G System and Network  247

16 16.1 16.1.1 16.1.2 16.2 16.3 16.3.1 16.3.2 16.4

5G Network: Use Cases and Architecture  249 ­5G System (5GS) Use Cases  249 Enablers and Key Principles of 5GS Use Cases  250 Other Enablers in 5G System  253 ­Support of Legacy Services by 5G System  253 ­5G System Network Architecture  254 3GPP Access Architecture  254 Non-3GPP Access Architecture  256 ­5G System NG–RAN/gNB Logical Architecture  256

ix

x

Contents

16.5 16.6 16.6.1 16.7 16.7.1 16.7.2 16.7.2.1 16.7.2.2 16.8 16.8.1 16.8.2 16.8.3 16.8.4 16.8.5 16.9 16.9.1 16.9.2 16.10 16.11 16.11.1 16.11.2 16.11.3 16.11.4 16.11.5

5­ GC System Architecture Elements  259 ­5G System Deployment Solutions  260 E–UTRA–NR Dual Connectivity (EN–DC) for NSA Deployment  261 ­5G System and LTE/EPS Interworking  265 RAN-Level Interworking  265 Core Network (CN) Level Interworking: N26 Interface  265 Single Registration Mode with N26 Interface  266 Dual Registration Mode: Without N26 Interface  266 ­5G System Native and Mapped Network Identities  268 Mobility Area Identifiers  268 UE/Subscriber Permanent Identifiers  269 Core Network Identifiers  269 RAN Identifiers  269 Core Network Temporary Identities  270 ­5G System Network Slicing  270 Identities for a Network Slice  271 Impacts of Network Slicing Feature  273 ­Management and Orchestration (MANO) of 5G Network  278 ­5G System Security  280 UE Authentication Frameworks and Methods  280 Primary Authentication and Secondary Authentication  282 Key Hierarchy and Authentication Vector  282 New Security Requirements in 5G System  283 Subscriber Identities/Privacy Protection  286 ­Chapter Summary  287

17 17.1 17.2 17.3 17.4 17.5 17.6 17.7 17.8 17.8.1

Introduction to GSM, UMTS, and LTE Systems Air Interface  289 ­Air Interfaces Protocol Architectures  289 ­Protocol Sublayers  290 ­Control Plane and User Plane Protocols  291 ­Protocols Domains Classifications  291 ­Access Stratum and Non-access Stratum  291 ­Message Formats  292 ­Security Over the Air Interface  293 ­Piggybacking for Reduction of Signaling Overhead  293 Examples Piggybacking of Signaling Messages  293 ­Chapter Summary  294

18 18.1 18.2 18.2.1 18.2.2 18.2.3 18.2.4 18.2.5 18.3 18.3.1

5G NR Air Interface: Control Plane Protocols  295 ­NR Control Plane Protocol Layers  295 ­Session Management (5G SM) Layer  296 Procedures of 5G SM Layer  297 PDU Session Types  298 PDU Session Service Continuity (SSC)  299 PDU Sessions for Network Slices  300 Session Management (SM) Layer States  301 ­Quality of Service (5G QoS)  301 LTE/EPS QoS Model: EPS Bearer  301

Contents

18.3.2 18.3.3 18.3.4 18.3.5 18.3.6 18.3.7 18.3.8 18.3.9 18.4 18.4.1 18.4.2 18.4.3 18.4.4 18.4.5 18.4.6 18.5 18.5.1 18.5.2 18.5.3 18.5.4 18.5.5 18.5.5.1 18.5.5.2 18.5.5.3 18.5.6

5GS QoS Model: QoS Flow  301 GTP-U Plane Tunnel for PDU Session  302 Service Data Flow and PCC Rule  302 Binding of Service Data Flow  303 QoS Profile and QFI  303 QoS Rule and QRI  305 Mapping QoS Flow to Data Radio Bearer  305 Downlink Data Flow Through GTP-U Plane Tunnels  307 ­Mobility Management (5G MM) Layer  308 Mobility Area Concepts and Identifiers  308 Requirements of Mobility Management Functions  313 Functions and Procedures of 5G MM Layer  314 Mobility Management Layer States  315 Connection Management (CM) and Service Request  316 Mobility Pattern of UE  317 ­RRC Layer  317 Functions and Procedures of RRC Layer  317 System Information (SI) Broadcast  318 RRC Layer States  319 RRC INACTIVE State  320 Mobility of UE  326 UE Mobility in RRC IDLE State  326 UE Mobility in RRC INACTIVE State  326 UE Mobility in RRC CONNECTED State  327 Admission Control  332 ­Chapter Summary  334

19 19.1 19.2 19.3 19.4 19.5 19.5.1 19.5.2 19.5.3 19.5.4 19.5.5 19.5.6 19.5.7 19.5.8 19.5.9 19.5.10 19.6 19.6.1 19.6.2 19.6.3 19.6.4

5G NR Air Interface  335 ­NR User Plane Protocol Layers  335 ­SDAP Layer  336 ­PDCP Layer  336 ­RLC Layer  340 ­MAC Layer  342 Functions and Procedures  342 Scheduling Procedure  344 Random Access Procedure  346 Error Correction Through HARQ Procedure  351 Buffer Status Reporting (BSR) Procedure  352 Scheduling Request (SR) Procedure  353 Low Latency in the NR Due to Configured Scheduling  353 MAC Layer PDU and Header Structures  354 How MAC Layer Ensures Low‐Latency Requirements  356 Channel Structures in NR  357 ­Physical Layer  359 Principles of Transmissions and Its Directions  360 Physical Layer Functions, Procedures, and Services  360 OFDM Symbol  363 NR Frame and Slot Format  364

xi

xii

Contents

19.6.4.1 19.6.4.2 19.6.4.3 19.6.4.4 19.6.5 19.6.5.1 19.6.5.2 19.6.5.3 19.6.5.4 19.6.5.5 19.6.5.6 19.6.5.7 19.6.6 19.6.7 19.6.7.1 19.6.7.2 19.6.7.3 19.6.8 19.6.8.1 19.6.8.2 19.6.8.3 19.6.9 19.6.9.1 19.6.9.2 19.6.9.3 19.6.9.4 19.6.9.5 19.6.9.6 19.6.10 19.6.10.1 19.6.10.2 19.6.10.3 19.6.10.4 19.6.10.5 19.6.10.6 19.6.11 19.6.12 19.6.12.1 19.6.12.2 19.6.13 19.6.14 19.6.15 19.6.16 19.6.16.1 19.6.16.2 19.6.16.3 19.6.17

Subcarrier Spacing (SCS)/Numerologies (μ)  364 Slots per NR Frame and Subframe  364 Slot Formats in TDD Mode  366 Dynamic TDD  367 Resource Grid and Resource Block  368 Control Resource Set (CORESET)  369 Common Resource Blocks (CRB)  370 Physical Resource Block (PRB)  370 Virtual Resource Block (VRB)  370 Interleaved and Non‐interleaved PRB Allocation  370 PRB Bundling and VRB to PRB Mapping  371 Reference Point “A”  371 Channel and Transmission Bandwidths  371 Bandwidth Part (BWP)  373 Types of BWP  374 BWP Configuration  375 BWP Switching and Associated Delay  376 NR Resource Allocations  377 Frequency Domain Resource Allocation for FDD Transmission  377 Time‐Domain Resources Allocation for FDD Transmission  380 Time‐Domain Resources Allocation for TDD  383 Transport Channels and Their Processing Chain  384 CRC Calculation and its Attachment to a Transport Block  385 Code Block Segmentation  385 Channel Encoding with LDPC  386 Rate Matching and Concatenation  387 Multiplexing of UL‐SCH Data and Uplink Control Information  388 LDPC Encoding Examples  388 Physical Channels and Their Processing Chain  390 Physical Channels  390 Channel Mappings  391 Multiple Physical Antenna Transmissions  392 Physical Channel Processing Chain  395 Physical Downlink Control Channel (PDCCH)  397 Physical Uplink Control Channel (PUCCH) and Information (UCI)  404 Code Block Group‐Based Transmission and Reception  405 Physical Signals  409 Reference Signals Transmitted as Part of Physical Channels  410 Sounding Reference Signals  412 Downlink Synchronization  414 Millimeter Wave Transmission, Beamforming, and Its Management  419 Cell‐Level Radio Link Monitoring (RLM)  424 RRM Measurements for UE Mobility  426 RRM Measurement Signals and Their Quantities  426 RRM Measurements Framework  427 Overall RRM Process  429 Channel State Information (CSI)  430

Contents

19.6.18 19.6.19 19.6.20 19.6.21 19.6.22 19.6.22.1 19.6.22.2 19.6.23

Modulation and Coding Schemes (MCSs)  433 Link Adaptation Procedure  434 Random Access (RACH) Procedure  435 NR Radio Resources Management (RRM) Procedure  439 UE Transmit Power Control  444 Types of Power Control Procedure in NR  444 UE Transmit Power Determination Procedure in NR  445 Effect of Physical Layer on Data Throughputs  445 Chapter Summary  446

20 20.1 20.1.1 20.1.2 20.1.3 20.2 20.2.1 20.2.2 20.2.3 20.2.4 20.2.5 20.2.6 20.2.7 20.3

5G Core Network Architecture  447 Control Plane and User Plane Separation – CUPS  447 Impacts of CUPS Feature  448 CUPS in the LTE/EPC Network  449 CUPS Feature in 5G Core Network  450 ­Service-Based Architecture (SBA)  452 Network Functions and Its Instances  453 Network Functions (NFs) and Their Services Interfaces  454 5G System Architecture with NF  456 Network Functions and Their Services and Operations  457 Network Functions Services Framework  458 Services API for Network Functions  462 Network Function Selection  468 ­Network Function Virtualization (NFV)  469 Chapter Summary  472

21 21.1 21.2 21.3 21.4 21.4.1 21.4.2 21.5

5G System: Low-level Design  473 ­Design of 5GC Service Interface and Its Operations  473 ­Design of 5GC NF Service Interface Using UML and C++ Class Diagram  474 ­Usages of C++ Standard Template Library (STL)  475 ­Software Architecture for 5G System  476 NG-RAN Logical Nodes Software Architecture  476 5GC Software Architecture  479 ­Data Types Used in 5GC SBI Communications  479 ­Chapter Summary  491

22 22.1 22.2 22.3

3GPP Release 16 and Beyond  493 5GS Enhancements as Part of Release 16  493 5GS New Features as Part of Release 16  494 3GPP Release 17  496 ­Chapter Summary  496

Appendix  497 References  503 Index  507

xiii

xiv

About the Author Rajib Taid graduated with a Bachelor of Computer Science and Engineering degree from Jorhat Engineering College, Assam, India. He began his career as an Engineer (Telemetry) at GAIL, a public‐sector entity. Rajib worked there for four years in the area of design and development of application software systems for a gas pipeline. Then, he joined a Gurgaon (Haryana, India)‐based communication software services major as well as product development MNC, Aricent Technologies (www.aricent.com), formerly known as Hughes Software Systems, where he started working as a software developer in the area of mobile communications. He worked there for 12 years, both as an individual contributor and in a lead role, primarily developing software in Radio Access Network, and Core Network domains. The author also visited Australia, the USA and the UAE for onsite assignments. He hails from the Jorhat district of Assam, India. In 2013, Rajib left the mobile telecommunication software development domain and joined BCPL, a public‐sector entity at Dibrugarh, close to his hometown in Assam. Currently, the author specializes in IT and enterprise business information systems management. Rajib Taid is also a member of the Department Management Committee, as an industry expert, for the Department of Computer Science and Engineering in the Dibrugarh University Institute of Engineering and Technology, Assam, India.

xv

Preface Today, we are using at least one smartphone for our day-to-day voice, data communications, online gaming, and transaction services. To enable these services, we are also aware of the different mobile communications technologies that are available around us today, such as GSM, GPRS/EDGE, 3G, 4G, and 5G being the latest communication buzzword. If you are wondering and, sometimes, scouring the web regarding how a mobile communications system is designed, developed, tested, and deployed, then this book is for you! This is an introductory jump-start, foundational, and comprehensive book offering several key concepts encompassing the various practical aspects for the design and development of a mobile communications system and its various entities/ elements based on the GSM, GPRS, UMTS (3G), LTE (4G), and 5G technologies. Note that this book is not about the developments of Mobile Application (apps) software that is intended and developed for a specific purpose/ requirement. The content of this book is specially tailored for the rookie computer science or electronics and communications engineering graduate engineer who has just passed out of college, or even for a lesser experienced person looking for an opportunity to work in the mobile telecommunications space through re-skilling. It starts with the various mobile communications network architectures, identification of a particular network element, the concerned 3GPP standard specifications, various protocols/stacks, as well as the development platforms such as UNIX, and multicore computing. In this book, the reader will also find the troubleshooting of any issue arising out of post-deployment and operation of a mobile communication network element. This book also introduces the “multicore processor” computing platform that is available around us and is the current buzzword in different areas of technologies, be it the desktop or mobile handset. Mobile telecommunications system development using an embedded system platform is also briefly covered. A mobile communication network works and communicates based on the standard technical specifications related to a particular mobile communication technology such as the GSM, GPRS, UMTS, LTE, and 5G system. Also, mobile communication standard technical specifications are large in number and can be bewildering to a new learner. Reading and its implementation, through computer code, of the contents of a GSM/ GPRS/UMTS/LTE/5G technical specification requires a substantial amount of effort, especially the Layer 1 and Layer 2 protocols. From a technical specification, one would come to know what to and when to transmit or receive information. But what is not available in the 3GPP technical specifications is the how to implement part as it is implementation dependent. This book was written keeping these facts in mind, so that students can learn the practical, real-world mobile telecommunications domain subject areas and equip themselves while in college, before starting a career in the relevant domains. To make the contents easier to understand, necessary figures, tables, and sample codes are provided to illustrate the underlying concepts. The illustrative figures and concepts are sometimes general in nature, i.e. applicable for GSM/GPRS or UMTS/LTE/5G system, or all of them, and sometimes a straight copy from the concerned 3GPP technical specification with due permissions.

xvi

Preface

This book is an overview and may not contain exhaustive descriptions or information on various individual components and protocols of a mobile communications system based on the GSM, GPRS, UMTS, LTE, and 5G system. The book attempts to provide the reader with an overall background of the various aspects of an end-toend system development based on the available mobile communication technologies and systems. This book reflects the author’s 12 years of experience with a full lifecycle of software research and development, deployment, testing, operation, and maintenance in the areas of mobile communication, Radio Access Network (RAN), and Core Network (CN) domain deployed across the available platforms, including satellite-based mobile communications systems.

Who should use this book? Mobile Communications System Development: An Introduction to Practical Approach for Systems Understanding, Implementation, and Deployment is primarily for students who have just graduated in either computer science or electronics and communications discipline and is looking for an exciting career in the mobile communications domain. It is also appropriate for students currently studying in the above-mentioned disciplines and looking for project work assignments as a part of the academic curriculum in the mobile communication domain. An experienced person from another software domain can also go through this book for a career reboot into the mobile communication domain.

How to use this book? Mobile communications systems protocol layers, their functions and procedures, and other related information, such as referring to figures, being presented may be brief in nature. For further details about the underlying protocols along with the materials being presented here, the concerned 3GPP technical specification(s) on its website (www.3gpp.org) [1] must be referred to while going through a chapter of this book. The concerned 3GPP technical specifications numbers are mentioned in the References section of the book. The reader is advised to refer to the mentioned 3GPP technical specification and the section number for complete information on the described protocol functions and procedures. Familiarity with the 3GPP website is also important as the reader will be required to visit it quite often to refer to its technical specifications.

Structure of this book Overall, this book is divided into four parts, each containing several chapters. Each part begins with introductory objectives and also mentions the purposes of each chapter under it. Each chapter is followed by its summary. Also, the book starts with an introductory chapter that provides a brief description of the career opportunities offered by mobile communications systems and network ecosystems. Part I Introduction This part contains eight chapters containing the background and introductory aspects and areas of mobile communications systems and networks based on GSM, GPRS, UMTS, LTE, and 5G systems. The materials presented in this part are general in nature but applicable across the mobile communications systems and networks. Even if a reader is starting a career in the LTE or 5G system and network, as a developer or O&M person, one has to know the major key concepts from the legacy GSM/UMTS networks as well.

Preface

Part II Operation and Maintenance This part contains three chapters covering various aspects and areas of the troubleshooting and resolution of mobile communications systems and network issues. Part III Development of Mobile Communications Systems This part contains four chapters covering various aspects and areas of the development of mobile communications systems protocol stack and layers based on the 3GPP standards and their technical specifications. This part also describes hardware platforms to be used for the development of mobile communications systems network elements. Part IV 5G System and Network This part contains seven chapters covering various aspects and areas of a 5G system and network based on its first Release 15 as standardized by the 3GPP. Also, an overview of the enhancements made into the existing features of the 3GPP Release 15 and the addition of new services or capabilities which have been added as part of the 3GPP Release 16 and Release 17 are covered in this part. Dibrugarh, Assam, India Rajib Taid

xvii

xviii

Acknowledgments I­ thank my dear friends and colleagues for offering encouragement and valuable comments during the preparation of this book. During my time in Hughes Software Systems (now known as Aricent, located in Gurgaon, India), I had the opportunity to work with very smart and talented people who were generous in sharing their knowledge and experience. Special thanks also go to Mr. Sumit Kasera (AVP, Technology at Aricent, Gurgaon, India) for his valuable feedback on this book. I would also like to thank 3GPP for permitting me to reproduce a few snapshots from the concerned 3GPP technical specifications. I would also like to thank and appreciate John Wiley & Sons Ltd., UK, and its acquisition, editorial, production, and publishing staff, for their continuous support and cooperation during the entire process of this book’s production.

xix

List of Abbreviations Here are the glossaries of some of the terms used in this book for ready references. For a complete list of terms and their definitions, please refer to the 3GPP TR 21.905 [24]. 3G/4G/5G 3GPP 5GS 5G-GUTI 5G-S-TMSI 5GC A-bis ACK AKA AMF AMP AP APN AF ARFCN ARQ AS ASN.1 AuC AUSF BCF BCH BCCH BICN BIST BS BSC BSN BSS BSSGP BSSMAP BSP BSR

3rd /4th/5th Generation Third Generation Partnership Project 5G System 5G Globally Unique Temporary Identifier 5G S-Temporary Mobile Subscription Identifier 5G Core Network A-bis Interface Acknowledged Mode Authentication and Key Agreement Access and Mobility Management Function Asymmetric Multicore Processing Application Protocol Access Point Name Application Function Absolute radio-frequency channel number Automatic Repeat Request Access Stratum Abstract Syntax Notation One Authentication Center Authentication Server Function Base Control Function Broadcast Channel (Transport) Broadcast Control Channel (Logical) Bearer-Independent Core Network BICN Built-in self-test (BIST) Base station Base station controller Block Sequence Number Base Station Subsystem Base Station System GPRS Protocol Base Station Subsystem Mobile Application Part Board Support Package Buffer Status Report

xx

List of Abbreviations

BTS BWP C-RNTI CBG CBGFI CC CCE CCCH/DCCH CC/CM CM CN CORESET CRB CRC CRI CSI CSI-RS CS-RNTI CSI-RSRP CSI-RSRQ CSI-SINR CSFB CP CPS CQI CS CSN DCI DL-SCH/UL-SCH DM-RS DN DNN DRB DSP DTAP DTCH eMBB EAP ECM EDGE EGPRS eNodeB EIR EMM EN-DC EPC EPS

Base Transceiver Station Bandwidth Part Cell Radio-Network Temporary Identifier Code block group CBG flush indicator Call Control Control Channel Element Common/Dedicated Control Channel Call Control/Connection Management Connection Management Core Network Control Resource Set Common Resource Block Cyclic redundancy check CSI-RS Resource Indicator Channel State Information Channel State Information Reference Signal Configured scheduling RNTI CSI Reference Signal Received Power CSI Reference Signal Received Quality CSI Signal-to-Noise and Interference Ratio Circuit-switched Fall-back Cyclic Prefix Call per second Channel Quality Indication Circuit-switched Concrete Syntax Notation Downlink control information Downlink/Uplink Shared Channel Demodulation reference signals Data Network Data Network Name Data Radio Bearer Digital Signal Processor Direct Transfer Application Part Dedicated Traffic Channel Enhanced Mobile Broadband Extensible Authentication Protocol Evolved Packet System Connection Management Enhanced Data for Global Evolution Enhanced General Packet Radio Service Evolved NodeB Equipment Identity Register Evolved Packet System Mobility Management E-UTRA NR Dual-Connectivity Evolved Packet Core Evolved Packet System

List of Abbreviations

ESM ETSI E-UTRA E-UTRAN FDD FR FR1 FR2 FTP FW GBR GERAN GGSN GMSC gNB/gNodeB GPRS GSM GUAMI GUMMEI HARQ HLR/HSS HS-DSG HSDPA HSPA HSUPA IAB IDNNS IE IEI IMS IMSI INT-RNTI IOT IP IPC IPH ISI ISR IWF KAMSE KPI L1....Ln LAI LCID LDPC LLC LI

Evolved Packet System Session Management European Telecommunications Standards Institute Evolved-UMTS Terrestrial Radio Access Evolved-UMTS Terrestrial Radio Access Network Frequency Division Duplex Frame Relay Frequency Range 1 (5G) Frequency Range 2 (5G) File Transfer Protocol Framework Guaranteed Bit Rate GPRS Edge Radio Access Network Gateway GPRS Support Node Gateway Mobile Switching Center 5G Base Station General Packet Radio Service Global System for Mobile Communication Globally Unique AMF ID Globally Unique MME Identifier Hybrid Automatic Repeat Request Home Location Register/Home Subscriber Server High Speed Downlink Shared Channel High-Speed Downlink Packet Access High-Speed Packet Access High-Speed Uplink Packet Access Integrated Access and Backhaul Intra Domain NAS Node Selector Information Element Information Element Identifier IP Multimedia Subsystem International Mobile Subscriber Identity Interruption RNTI Inter-operability Testing Internet Protocol Inter Process Communication IP Header Compression Inter Symbol Interference Idle State Signaling Reduction Interworking Function LTE Key Access Security Management Entity Key Performance Identifier Layer 1....n Location Area Identification Logical Channel Identifier Low Density Parity Check Logical Link Control Layer Indicator

xxi

xxii

List of Abbreviations

LSB LTE mMTC mIoT MAC MANO MCC MCS MIB MIMO MM MME MMEC MMS MN MNC MOC MOCN MS MSB MSC MSC-S MSIN MU-MIMO N3IWF NACK NAS NEF NF NFV NGAP NG-RAN Non-GBR NNSF NRF NSA NR NRF NSSAI NSSF NSAPI NSS OFDM OFDMA O&M PBCH PCH

Least Significant Bit Long-term Evolution Massive Machine Type Communications Massive Internet of Things Medium Access Control Management and Orchestration Mobile Country Code Modulation and coding scheme Master Information Block Multiple-Input Multiple-Output Mobility Management Mobility Management Entity MME Code Multimedia messaging service Master Node Mobile Network Code Mobile-originated voice call Multi-operator Core Network Mobile station Most Significant Bit Mobile Switching Center MSC Server Mobile Subscriber Identification Number Multi-User MIMO Non-3GPP Inter-working Function Negative Acknowledgment Non-access Stratum Network Exposure Function Network Function Network Functions Virtualization Next Generation Application Protocol Next Generation Radio Access Network Non-Guaranteed Bit Rate NAS Node Selection Function Network Repository Function Non-Standalone New Radio Network Repository Function Network Slice Selection Assistance Information Network Slice Selection Function Network Service Access Point Identifier Network Subsystem Orthogonal Frequency Division Multiplexing Orthogonal Frequency Division Multiplexing Access Operation and Maintenance Physical Broadcast Channel Paging Channel

List of Abbreviations

PCF PCO PCRF PCU PCFICH PDCCH PDCP PDSCH PD PDSCH/PUSCH PDN PDU PDP PEI PER PLMN PFC PGW PHICH PMI POST PRACH PRB P-RNTI PS PSS PSTN PTI PTRS PUCCH PUSCH QAM QCI QFI QoS QPSK RAB RAI RAC RAN RA-RNTI RACH RAT RB RE RBG RF

Policy Control Function Protocol Configuration Options Policy Charging and Restriction Function Packet Control Unit Physical Control Format Indicator Channel Physical Downlink Control Channel Packet Data Convergence Protocol Physical Downlink Shared Channel Protocol Discriminator Physical Downlink/Uplink Shared Channel Packet Data Network Protocol Data Unit Packet Data Protocol Permanent Equipment Identifier Packet Error Rate Public Land Mobile Network Packet Flow Context Packet Data Network Gateway Physical HARQ Indication Channel Precoding-Matrix Indicator Power-on self-test Physical Random-Access Channel Physical Radio Block Paging RNTI Packet Switched Primary Synchronization Signal Public Switched Telephone Network Procedure Transaction Identity Phase-tracking Reference Signal Physical Uplink Control Channel Physical Uplink Shared Channel Quadrature Amplitude Modulation QoS Class Identifier QoS Flow ID Quality of Service Quadrature Phase Shift Keying Radio Access Bearer Routing Area Identification Routeing Area Code Radio Access Network Random Access RNTI Random Access Channel Radio Access Technology Resource Block Resource Element Resource Block Group Radio Frequency

xxiii

xxiv

List of Abbreviations

RI RAU REG RLC RF RIV RNA RNAU RNS RNC RNL RNTI RoHC RR RRC RS RSRP RSRQ RRM RTOS S1-AP SA SAP SAPI SBA SBI SCP SCTP SDAP SDCCH SDN SDU SD SEAF SEPP SFN SFI-RNTI SGSN SIB SLA SMP S-GW SI SM SMS SMF SN

Rank Indicator Routing Area Update Resource Element Group Radio Link Control Radio Frequency Resource Indication Value RAN-based Notification Area RAN-based Notification Area Update Radio Network Subsystem Radio Network Controller Radio Network Layer Radio Network Temporary Identifier Robust Header Compression Radio Resource Radio Resource Control Reference Signal Reference Signal Received Power Reference Signal Received Quality Radio Resource Management Real-Time Operating System S1 Application Protocol Standalone Mode Service Access Point Service Access Point Identifier Service-based Architecture Service-based Interface Service Communication Proxy Stream Control Transmission Protocol Service Data Application Protocol Standalone Dedicated Control Channel Software Defined Networking Service Data Unit Slice Differentiator Security Anchor Functionality Security Edge Protection Proxy System Frame Number Slot Format Indication RNTI Serving GPRS Support Node System Information Block Service-Level Agreement Symmetric Multicore Processing Serving Gateway Skip Indicator/System Information Session Management Short Messaging Service Session Management Function RLC Layer PDU Sequence Number

List of Abbreviations

SN SNDCP S-NSSAI SNPN SSC SST SPS SR SRVCC SRB SRS SSB SSS SS SS/PBCH SS-RSRP SS-RSRQ SS-SINR STL SU-MIMO SUCI SUPI TAC TAU TCH TCP/IP TDD TI TFT TNL TPC TRX TS TTI UCI UDM UDP UDR UE Um UML UMTS Uu UPF UTRAN URLLC UUID

Secondary Node Subnetwork Dependent Convergence Protocol Single Network Slice Selection Assistance Information Standalone Non-Public Network Session and Service Continuity Slice/Service Type Semi-persistent Scheduling Scheduling Request Single Radio Voice Call Continuity Signaling radio bearers Sounding reference signal Synchronization Signal Block Secondary Synchronization Signal Supplementary Services Synchronization Signal Physical Broadcast Channel SS Reference Signal Received Power SS Reference Signal Received Quality SS Signal-to-Noise and Interference Ratio Standard Template Library Single-User MIMO Subscription Concealed Identifier Subscription Permanent Identifier Tracking Area Code Tracking Area Update Traffic Channel Transmission Control Protocol/Internet Protocol Time Division Duplex Transaction Identifier Traffic Flow Template Transport Network Layer Transmit Power Control Trans-receiver Timeslot Transmission Time Interval Uplink Control Information Unified Data Management User Datagram Protocol Unified Data Repository User Equipment GSM Air Interface Unified Modeling Language Universal Mobile Telecommunication System UMTS/LTE Air Interface User Plane Function UMTS terrestrial radio access network UMTS Ultra Reliable and Low Latency Communications Universally Unique Identifier

xxv

xxvi

List of Abbreviations

VLR VoLTE VRB WCDMA Xn-C Xn-U XnAP

Visitor Location Register Voice over LTE Virtual Resource Block Wideband Code Division Multiple Access (UMTS) Xn-Control plane Xn-User plane Xn Application Protocol

1

1 Introduction Career Opportunities in Mobile Communications Networks Space You see, wire telegraph is a kind of a very, very long cat. You pull his tail in New York; and his head is meowing in Los Angeles. Do you understand this? And radio operates exactly the same way: you send signals here, they receive them there. The only difference is that there is no cat. Source: Albert Einstein. Gone are the days when mobile phones were considered a luxury; today, it is among our daily necessities. Mobile communications have evolved quickly and revolutionized the way we communicate and have brought people around the globe closer than ever before. At the same time, the mobile telecom industry has witnessed an explosive growth rate over the past many years, offering a wide range of services and products. The latest trend is the availability of multitasking smartphones and various apps for different services and capabilities for our day-to-day needs. The combination of smartphones and Apps is enabling mobile broadband services to everyone, everywhere, and anytime on the go. This is leading to a growing demand for smartphones along with manifold increase in Internet traffic. The legacy mobile communications network standards such as Global System for Mobile Communication (GSM) (2G), General Packet Radio Service (GPRS) (2.5G), Universal Mobile Telecommunication System (UMTS) (3G), Long-Term Evolution (LTE) (4G), and the emerging and latest buzzword 5G, along with the growth in the number of mobile subscribers, have created a gap between the demand and supply of skilled mobile communications professionals. The mobile communications industry is a key driver and offers immense employment opportunities. The advent of the 5G system and network is expected to create and offer more opportunities for various professionals and business owners. Communications solution service providers, network installers, original equipment manufacturers (OEMs), and communications software solution services provider firms are demanding skilled and experienced professionals. In the mobile communications space alone, career opportunities exist across these different verticals and areas. Some of these career opportunities are shown in Figure 1.1. The career opportunity areas shown in Figure 1.1 are at a very high level only. Each of the areas shown spans across multiple systems and subsystems. Opportunities exist at an entry-level or experienced professional level for various job roles such as software developer and maintenance, team leader, project manager, system architect and engineering, site engineer, network engineer, network operation and maintenance, and so on. Mobile communications systems and networks are built based on open technical standards, covering a wide spectrum of knowledge areas as illustrated in Figure 1.1. The knowledge areas are spread across the different system engineering areas of mobile communications systems and networks. This book attempts to cover some of those knowledge areas from a practical point of view, so that one can be self-equipped to start a career in the mobile communications domain.

Mobile Communications Systems Development: A Practical Introduction to System Understanding, Implementation, and Deployment, First Edition. Rajib Taid. © 2021 John Wiley & Sons Ltd. Published 2021 by John Wiley & Sons Ltd.

2

Mobile Communications Systems Development

Career Opportunities in Mobile communications Systems and Networks Space Operations and Maintenances Areas

-Installation and Commissioning -Drive/Field Test, RF, Network Planning, and Optimization - Maintenance and Sustenance of Mobile Telecom Network -Equipment/Site Engineers for Installation and Uptime -Customer Experience Management -Root Cause Analysis of Failures and Remedial Actions -Network Monitoring

System R&D Areas

-Consulting and System Engineering for Different Business Verticals -System /Software Architecture and Design -Protocol Layer/Stack Design and Development -Testing and Validation, Including Inter-operability Test, of Telecom Standards and Conformances

-Telecom Standard Specification and Interface Development

-KPI and SLA Management -Deep Packet Inspection (DPI) -Preventive & Corrective Maintenances of Active and Passive Elements -Traffic Provisioning & Management

-Operations and Support Systems (OSS) -Business Support System (BSS)

-Alarm/Fault Management -Process Compliances for Audit/Statutory Requirements

-Billing -Alarm/Fault Management

Figure 1.1  Career opportunities in the mobile communications space.

3

Part I Network Architectures, Standardization, Protocols, and Functions Mobile communications systems and networks based on the GSM/GPRS, UMTS, LTE, and 5G systems and technologies consist of telecommunications infrastructures to provide communications services to mobile users. In this first part of the book, several knowledge areas of legacy mobile communications systems and networks which are based on the GSM/GPRS, UMTS, and LTE technologies as well as 5G systems are covered. The 5G system shall be covered exclusively in Part IV of this book. Because even if a reader is starting a career in LTE, 5G, or the latest, system and network, and as a developer or O&M person, one must know the major key concepts from the legacy GSM/UMTS/LTE networks as well. The network architectures and their protocols; the 3GPP standardization processes; systems engineering; functions such as the network identities, packet encapsulations, and interworking of network aspects of the GSM/GPRS, UMTS, LTE, and 5G system are discussed. This part of the book contains eight chapters, and their purposes are as follows. Chapter 2 describes the architectures and their domains of the GSM, GPRS, UMTS, and LTE networks. The standardization processes used by the 3GPP and evolutions of mobile communications networks based on the GSM, GPRS, UMTS, LTE, and 5G systems are also described. The System Engineering aspects of mobile communications networks are described briefly. Chapter 3 describes the architecture and different types of protocols found within the mobile communications systems and networks, which are based on the legacy GSM, GPRS, UMTS, LTE system as well as the 5G system. Various interfaces for peer‐to‐peer protocol layers communications are also described. Chapters 4 to 9 describes some of the essential functions that are performed by the mobile communications systems and networks, which are based on the legacy GSM, GPRS, UMTS, LTE, and the emerging 5G system to provide seamless communications services to mobile users within a particular network or across the networks.

5

2 Network Architectures, Standardizations Process ­Introduction This chapter provides the introductory and high-level architectures of the legacy mobile communications systems which are based on the Global System for Mobile Communication (GSM), Universal Mobile Telecommunication System (UMTS), and Long-Term Evolution (LTE) systems. However, being legacy and general, some of the contents of this chapter apply to the 5G system also. The architecture of the 5G system shall be covered in Part IV of this book. We begin with the basic network architecture of the legacy GSM system, followed by the architectures of UMTS and LTE systems as well. Following this, we present the different domains or areas of a mobile communications network along with their network elements that are interconnected together to provide communication services to users. The evolution of different mobile communications systems is presented. We also cover the system engineering aspects of a mobile communications network that span across its different domains or knowledge areas. We then present the standardization processes used for mobile communications systems and networks that are available currently. Standardization is important for successful developments and integrations of multivendor network elements of a mobile communications system and network. Different features added, in terms of a release, during the evolution of a particular mobile communications system are also summarized.

2.1 ­Network Elements and Basic Networks Architectures A mobile communications network based on the GSM (2G)/General Packet Radio Service (GPRS) (2.5G), UMTS (3G), and LTE (4G) technology comprises the interconnected network of different communicating entities/nodes, called as the network element. Based on a particular communications technology, a mobile communications network comprises several network elements. In the case of a GSM and GPRS network, the network elements are MS (Mobile Station), BSC (Base Station Controller), BTS (Base Transceiver Station), MSC (Mobile Switching Center), SGSN (Serving GPRS Support Node), and GGSN (Gateway GPRS Support Node). In the case of the LTE/Evolved Packet System (EPS) network, the network elements are User Equipment (UE) (mobile station), eNodeB, Mobility Management Entity (MME), Serving Gateway (S-GW), and Packet Data Network (PDN). These interconnected network elements provide end-to-end communication services like voice (Circuit Switched – CS domain in case of GSM and UMTS) and data (Packet Switched – PS domain in case of GPRS and LTE), multimedia contents to subscribers. Note: The abbreviated version of all the terms found in mobile communications systems and networks are being used in this book. For the complete list of glossaries of the terms, their expanded texts, and definitions, refer to the 3GPP TR 21.905 [24]. A partial list of abbreviations is provided under the section “List of Abbreviations”. More about the 3GPP, technical specifications (TS), and technical reports (TR) are described in later sections. Mobile Communications Systems Development: A Practical Introduction to System Understanding, Implementation, and Deployment, First Edition. Rajib Taid. © 2021 John Wiley & Sons Ltd. Published 2021 by John Wiley & Sons Ltd.

6

Mobile Communications Systems Development

2.1.1  GSM (2G) Network Architecture Consider the legacy GSM CS network shown in Figure 2.1. It consists of the different network subsystems and elements: MS, BSS (Base Station Subsystem), and Network switching subsystems (NSS). A GSM network provides the CS voice call services to subscribers. As illustrated in Figure 2.1, a GSM CS communications network is broadly divided into various subsystems, which are described below. ●●

BSS

It consists of the network elements: BTS and BSC. A BTS is a hardware component that is installed to provide communications services in a GSM cell. A BTS transmits and receives information with mobile devices through radio frequency communications. A BSC is responsible for the allocation of radio frequency resources in one or more cells and controls one or multiple BTSs. The GSM BSS, consisting of BTS and BSC, is the interface between a mobile device and the rest of the GSM network or public switched telephone network (PSTN). A BTS is connected to a BSC through a logical interface called A-bis interface. An MS communicates with the BSC through the physical air interface, known as Um. ●●

Network switching subsystem (NSS)

It consists of the network elements: MSC, Home Location Register (HLR), Visitor Location Register (VLR), and so on. The MSC performs all the necessary functions to provide CS voice call services, both for the mobile originated (MO) and mobile terminated. The gateway MSC performs the routing functions on behalf of an MS that is being served by another MSC. A VLR contains information about all the MS currently being served by a particular MSC. An MSC contacts the VLR to find and retrieve the current location of an MS. The HLR is a central database that stores the permanent information of subscribers. NSS is also known as the Core Network (CN) and facilitates seamless communication services to freely moving users within its coverage area or between the networks of different operators or between a mobile and fixed-line network. The vertical dotted lines in Figure 2.1 indicates the separation of one network element from another one or an entire network from another network through a particular interface with a set of protocol layers on it. Each such interface has its name, for example, air interface (Um), A-bis interface, A-interface, and so on, as shown in Figure 2.1. More about the mobile communications network interfaces, both physical and logical, are described in Chapter 3.

VLR

A Interface

A-bis Interface

Air Interface

HLR

B T S

B S C

MSC

Figure 2.1  Network architecture and elements of a GSM network.

EIR

AuC

GMSC

MS Base Station Sub system

Network and Switching Sub system

Logical Interface

PSTN

Network Architectures, Standardizations Process

Figure 2.2  Network architecture and elements of a GPRS network. Air Interface

A-bis Interface

Gb Interface

MSC

EIR HLR

WWW

BSC

B T S

PCU

SGSN

Gi Interface

GGSN

MS Base Station Sub system

Network and Switching Sub system

Logical Interface

2.1.2  General Packet Radio Service (GPRS-2.5G) Network Architecture The architecture of a GPRS network and its elements for packet data services only is shown in Figure 2.2. As shown in this figure, a GPRS network uses the GSM BSS and NSS. However, the BSS provides the GPRS IP packet data services through a separate hardware unit as well as a software component which is known as the Packet Control Unit (PCU). A PCU performs all the packet services-related functions independently but in association with the BSC. Also, two new network elements on the NSS end are SGSN and GSSN. They communicate with each other over an IP transport network. GGSN has the interface to the external PDN over an IP transport network. Functionality wise, an SGSN in a PS domain performs similar functions to an MSC in the CS domain core network. SGSN keeps track of the current locations of MSs and performs the PS domain control, i.e. mobility management and session management, and user data transfer functions. An SGSN can be interconnected with an MSC to deliver CS domain-related paging services to an MS in case it is engaged in a PS session. The GGSN serves as the gateway for a GPRS network to an external IP network. Apart from this, a GGSN allocates IP addresses to a registered MS. Both the SGSN and the GGSN use the IP transport network.

2.1.3  Universal Mobile Telecommunications System (3G) Network Architecture Similarly, consider Figure  2.3 for the different network elements found in a Universal Mobile Telecommuni­ cations System (UMTS) or 3G network. A UMTS network contains network elements such as the UE (known as the MS in GSM network), NodeB (similar to a GSM BTS), Radio Network Controller-RNC (similar to a GSM BSC), SGSN, GGSN, Gateway Mobile Switching Center (GMSC), and MSC. These network elements together provide both the CS and PS data services to subscribers as illustrated in Figure 2.3. Similar to a GSM network, the RNC together with the NodeB is called the Radio Network Subsystem (RNS) in a UMTS network. RNS transmits and receives information with UEs through radio frequency communications. The flow of CS voice call and PS data call is being shown with a bold solid line in the diagram Figure 2.3. The SGSN, GGSN, GMSC, and MSC network elements are reused from the GSM network. Figure 2.3 is the first version of the UMTS network architecture, also referred to as the Release 99. The UMTS CN elements are adapted from the Pre-Release 99 GSM and GPRS networks. Subsequent releases of the UMTS network are known as the Release 4, Release 5, and so on, which are described later in Section 2.3.2.

7

Mobile Communications Systems Development

Figure 2.3  Network architecture and elements of a UMTS network.

CS R N C

Iub

G M S C

M S C

IuCS

PSTN

H

UE

IuPS Node B

Iub

Iur

L R

IuCS

R N C

S G S N

IuPS

PS

G G S N

WWW

Node B CORE NETWORK

UTRAN

2.1.4  LTE (4G) Network Architecture Figure 2.4 shows the network architecture of the LTE system, refer to TS 36.300 [92], which consists of the different network elements: UE, Evolved (e)NodeB, and Evolved Packet Core (EPC) network to provide PS services only. LTE network, which provides higher data rates, was evolved from the previous UMTS system. The term called “Evolved”, denoted by “e” or “E” can be found in any descriptions related to the LTE system. The eNodeB performs the radio communication-related functions and controls one or more cells, similar to a UMTS NodeB +RNC. Apart from this, eNodeB performs the radio resources allocation, UE scheduling, and forwarding of the user traffic/data functions to the S-GW. An eNodeB is interconnected with other eNodeBs over the X2 interface, and together, they form the Evolved-UMTS Terrestrial Radio Access Network (E-UTRAN) of an LTE/EPS network. The LTE EPC contains the network elements such as Mobility, Management Entity (MME), Serving Gateway (S-GW), and Home Subscriber Server (HSS). An MME performs the signaling or controlling, e.g. mobility

MME/S-GW

Figure 2.4  Overall network architecture and elements of an LTE network. Source: © 2015. 3GPP ™ TSs and TRs are the property of ARIB, ATIS, CCSA, ETSI, TSDSI, TTA and TTC who jointly own the copyright in them. © 2015, 3GPP.

MME/S-GW

S1

S1

S1

S1

X2

eNB

eNB X2

X2

8

eNB

E-UTRAN

Network Architectures, Standardizations Process

management, session management, and related functions between a UE and the EPC network. The HSS performs the similar functions of an HLR found in the GSM and UMTS system. The HLR/HSS is a database that stores the subscriber’s permanent information in a mobile communications network. Unlike the previous systems, i.e. GSM and UMTS, in the LTE system, the various management functions related to signaling and user data/call aspects are assigned separately to the MME and S-GW. In an LTE network, the E-UTRAN and the EPC are collectively known as the Evolved Packet System (EPS). An eNodeB is connected to the MME (for signaling) and S-GW (for user traffic) over the S1 interface; refer to Figure 2.4. The LTE system is an all IP-based network, i.e. all the network elements communicate with the existing IP transport network only. This differentiates the LTE communication network from its predecessors, GSM, GPRS, and UMTS networks, which uses other transport networks, such as ATM and Frame Relay, apart from the IP transport network. From the comparisons of Figures 2.1–2.4, it appears that the number of network elements in an LTE/EPS network has reduced. This has led to a smaller number of protocols and interfaces between network elements compared to the GSM and UMTS system. For an overall description of the functions performed by each of the network elements of the respective mobile communications network described above, refer to the TS 23.002 [29].

2.1.5  GSM, UMTS, LTE, and 5G Network Elements: A Comparison Based on the similar functions performed, one can compare the different network elements of a GSM, UMTS, and LTE network. A side-by-side comparison of different network elements of GSM, GPRS, UMTS, and LTE networks is shown in Table 2.1 below. The BTS and BSC of a GSM network are known as the NodeB and RNC in the UMTS system. Similarly, the functions performed by a BTS and BSC of a GSM network are performed by the eNodeB only that is found in an LTE network which was shown in Figure 2.4.

2.1.6  Circuit Switched (CS) vs Packet Switched (PS) At the beginning of Section 2.1, the types, i.e. CS as well as PS, of services being provided by a typical mobile communications network was mentioned. In the case of a CS call, an end-to-end dedicated physical circuit establishment is required prior to the starting of voice call service on it. However, no such dedicated physical resources or path is required to be established for a PS call. A refresher illustration showing this basic difference between a CS and PS call is shown in Figure 2.5. In Figure 2.5 illustration, User A wants to start a CS voice conversation (bold solid line) with User B. Prior to that, a dedicated and exclusive physical path/circuit (dotted line) for the entire duration of the call is required to be established between them through the interconnected switching or network elements. Similarly, User C wants to visit a web site, say www.abc.com, which is a typical PS data transfer scenario. In this case, the user’s mobile Table 2.1  Network elements comparisons. Mobile communication systems Network elements

GSM/GPRS

UMTS

LTE

5G

GERAN

UTRAN

E-UTRAN

NG-RAN

SGSN

SGSN

S-GW

UPF

GGSN

GGSN

PDN gateway

SMF (partially)

HLR

HLR

HSS

UDM and AUSF

9

10

Mobile Communications Systems Development

Circuit Switched Call User A

User B NE1

NE1

NE2

NE2

NE1

NE2

NE1

NE2

Figure 2.5  Illustration of circuit switched and packet switched data transfer.

Packet Switched Call User C NE1

NE2

WWW Server

NE1

NE2

WWW Server

NE1

NE2

WWW Server

Voice Traffic

Data Traffic

Signaling

device sends a burst of data to the concerned network element NE1. Following this, depending on the concerned timer value and response from the webserver, the mobile device may release the ongoing signaling path that was established with the network element NE1. Network element NE1, in turn, shall forward the received packets to its peer network element NE2, en route to the web site server, say www.abc.com.

2.2  ­Mobile Communication Network Domains As illustrated in Figures 2.1–2.4, organizations and interconnections of different network elements constitute the Network Architecture for a particular mobile communications network, such as the GSM, GPRS, UMTS, and LTE networks. Interconnections are realized through different logical and physical interfaces as described later in Chapter 6. Related network elements of a mobile communications network are grouped and logically divided into three domains, as follows: ●● ●● ●●

Access Network (AN) Core Network (CN) Mobile Station or User Equipment (MS/UE) AN and CN form the infrastructure domain of a typical mobile communications system and network.

2.2.1  AN Domain An AN domain consists of equipment and systems that are responsible for radio frequency-related transmission and reception in one or more cells to or from the UE or mobile device (MS). Across the different mobile communications networks, ANs are known as follows: ●● ●● ●● ●●

Radio Access Network (RAN) in the case of the GSM system. Universal Terrestrial Radio Access Network (UTRAN) in the case of the UMTS system. Evolved Universal Terrestrial Radio Access Network (E-UTRAN) in the case of the LTE system. Next-Generation Radio Access Network (NG-RAN) in the case of the 5G system.

Network Architectures, Standardizations Process

Though the above ANs are responsible for radio frequency resource allocation and communication path control in general, they perform various functions differently depending on the radio access technology (RAT) being used. The GSM RAN and UMTS UTRAN perform both the CS and PS switched network functions; the LTE E-UTRAN or 5G NG-RAN performs PS network functions only.

2.2.2  Core Network (CN) Domain A Core Network (CN) domain is the backbone infrastructure for a mobile communications system and network which consists of hardware and systems. A CN is also a gateway to the traditional PSTN system. CN primarily takes care of all the call control-related functions. A CN also performs various functions such as the authentication, charging, and setup of end-to-end connections required for different telecommunication services. A CN is independent of the radio connection technology for a mobile device. In the case of the LTE system, both the core network and the RAN are fully based on IP PS due to which it is also called the Evolved Packet System (EPS). In the case of the 5G system also, both the core network and the RAN are fully based on the IP PS network. From Figures 2.1–2.3, one can see that the GSM/GPRS and the UMTS differ in the AN only. However, UMTS reuses the core network elements (e.g. MSC, SGSN, GGSN, and so on) from the GSM core network. In the case of the LTE system, the entire architecture is, however, different from the GSM and UMTS system. Neither has it reused the AN nor has it reused the CN elements from the previous cellular systems. The CN of an LTE network works on top of an IP transport network, whereas the GSM and UMTS CN may use mixed transport networks.

2.2.3  Network Domains and Its Elements In the previous sections, we have described, in general, the AN and CN domains or areas of different mobile communications networks that are available today. Each network domain consists of various network elements as shown in Figure 2.6. This is a general and an introductory figure to provide the reader with an overall view of the various network domains and its elements of communication networks based on the GSM, GPRS, UMTS, and LTE systems. Note that in the LTE system, the network element HLR and Authentication Center (AuC) have been

MS

Core Network

Access Network

GERAN

BSS

UTRAN

RNS

E-UTRAN e NodeB

BSC

RNC

BTS

NodeB

CS

PS GPRS

MSC GMSC

HLR

IWF

AuC VLR

SMS GMSC

EIR

SGSN GGSN

EPC MME SGW PGW PCRF HSS

Figure 2.6  Network domains and their elements of mobile communication networks: GSM to 4G (LTE/EPS).

11

12

Mobile Communications Systems Development

replaced by the HSS. For the expanded texts version of these abbreviated acronyms, refer to the abbreviation section of this book. The vertical dotted lines shown in Figure 2.6 represent the logical interface between two network domains of a mobile communications network. More about the logical interfaces using which network elements exchange protocol information is described later in Section 3.1.2. For the description of the functions performed by each of the network elements shown in Figure 2.6, the reader is recommended to refer to the TS 23.002 [29]. Identification and other aspects of the 3GPP technical specification are described later in Section 2.5. The network elements of the AN domain work using the respective and particular RAT of a mobile communications system. The CN is further divided into the following domains. ●● ●● ●●

Circuit Switched (CS), which provides voice call services in case of the GSM and UMTS system. Packet Switched (PS), which provides data services in the case of the GPRS, UMTS, and LTE/EPS systems. IMS (IP multimedia subsystem), which is used to provide voice call services over an LTE/EPS network.

Note that some of the network elements are found in the CN domain only. For further details on the functions performed by the different network elements, refer to TS 23.002 [29]. In the next two sections, illustrations are presented to illustrate the end-to-end protocol information flow through the above network domains of a GSM network.

2.2.4  Example: End-to-End Mobile Network Information Flow Figure 2.7 illustrates, in general, an end-to-end information flow starting from the MS/UE to the external network to offer communication services such as the voice, data, and multimedia contents in the case of a GSM, UMTS, LTE, or 5G network. The same figure can be used to illustrate the end-to-end information flow by replacing the RAN and CN elements of the respective communication systems, i.e. GSM, UMTS, LTE, and 5G systems. In Figure 2.7, observe the extent of the dotted as well as the bold and solid line. ●●

●●

The dotted line terminates between the MS and the RAN. This is the radio frequency signaling information flow path between the MS and the RAN, which facilitates establishing and access dedicated network resources by the MS. The dark solid and bold line terminates between the MS/UE and core network via the RAN. This is the actual user data/traffic information flow path between the MS and the CN, en route to an external network.

In a cellular system, radio signaling must be established prior to a user can start using various services like voice and data. So, a data/traffic path has been shown on top of the signaling path in Figure 2.7. Figure 2.7  Illustration of end-to-end flow of information in a mobile communication network.

CN RAN

MS/UE

Transceiver Station

Radio Access Network

Signaling Flow

Data

C O R E

N e t w o r k

External Network

Network Architectures, Standardizations Process

2.2.5  Example: GSM MO Call Whenever the call button of a mobile phone is pressed, a great deal of information is exchanged in the form of a signaling message among the various network elements of a mobile communications network. In the case of a mobile-initiated call, the signaling message flow starts from the mobile station to the core network until the subscriber disconnects the voice call. This is further illustrated through a typical GSM MO call flow diagram shown in Figure  2.8. In Figure  2.8, the text inside the bracket shows the corresponding 3GPP technical specification number (described in the subsequent sections), where the definition and more details about the concerned signaling messages can be found.

Figure 2.8  Illustration: GSM MO call flow.

Mobile

User Press Send Button

MSC

BSC

Channel Request [RR, TS 44.018] Immediate Assign. [RR, TS 44.018] CM Service Request [MM, TS 24.008]

Ciphering Mode Cmd. [RR, TS 44.018]

CM Service Request [MM, TS 24.008] Ciphering Mode Cmd. [RR, TS 44.018]

Ciphering Mode Complete Ciphering Mode Complete

[RR, TS 44.018]

[RR, TS 44.018] CM Service Accept [MM, TS 24.008]

CM Service Accept [MM, TS 24.008]

Setup

[CC, TS 24.008]

Call Proceeding

[CC, TS 24.008] Assignment Request [BSSMAP, TS 48.008]

Connecting…. Channel Mode Modify [RR, TS 44.018] Channel Mode Modify Ack [RR, TS 44.018]

Alerting Tone

Assignment Complete [BSSMAP, TS 48.008]

Alerting [CC, TS 24.008] Connect [CC, TS 24.008] Connect Ack [CC, TS 24.008]

Connected Voice Path setup completed between users. Conversion follows.

13

14

Mobile Communications Systems Development

In the typical GSM call flow example shown above, the following network elements are involved to provide an end-to-end MO voice call facility to the user. ●● ●● ●●

Mobile device or station BSS, comprising the BTS and the BSC MSC

Once the user initiates a voice call, it goes through several phases as summarized below. All these phases involve the exchanging of various signaling messages among the protocol layers of different network elements of the AN and CN domains. ●●

●● ●● ●● ●●

Establishes a Radio Resource Connection between the MS and BSC to transport the call-related information to the MSC. Allocates the necessary signaling connection and traffic channel by the BSC. MSC authenticates the mobile device/station. The Radio Resource Connection phase is completed and a connection between the MS and MSC is established. MS further sends the call setup message to the MSC. The MSC reserves the necessary resources and connects with the called party; thus, a voice/speech path has been setup between the mobile users. The voice is now in the conversation phase. Once the conversation ends and the user presses the disconnect button, the call enters into the Call Release phase where the BSS, as well as the MSC, frees the allocated radio resources. Similar steps take place whenever a mobile user tries and place a call to a PSTN landline telephone user. However, in this case, the MSC also establishes a signaling connection with the fixed PSTN.

2.3  ­Mobile Communications Systems Evolutions Section 2.1 described the basic network architectures from the GSM to the LTE system. In this section, we will introduce further the evolutions of the mobile communications networks and systems, from the GSM to LTE, with respect to their air interface and network architectures. The 3GPP, which is described later in Section 2.5, is responsible for standardizing and defining the system architecture evolutions (SAEs) of the GSM to the 5G system-based mobile communications networks.

2.3.1  Evolutions of Air Interface The air interface (known as Um in GSM: Uu in UMTS, LTE, 5G) of a mobile communications network is used to communicate between a mobile device and its RAN. In the GSM system, mobile devices use the frequencydivision multiple access (FDMA)/time-division multiple access (TDMA)-based radio access methods. In UMTS, UEs use the Wideband Code Division Multiple Access (WCDMA)-based radio access method, LTE UEs use the Orthogonal Frequency Division Multiplexing Access (OFDMA) and SC-FDMA-based radio access methods, and 5G uses the OFDMA-based radio access method to communicate with the respective RAN. Figure 2.9 illustrates the evolutions of the 3GPP mobile communications systems along with the radio access method used in each evolution from the GSM to the 5G system. The arrow indicates the increased data rates in each evolution. The air interface and its evolutions can be studied in terms of the access technologies and its modulation technique used, which is shown in Figure 2.9. One of the factors that determine the rates of data transfer or throughputs is the modulation technique used by each radio access method. Table 2.2 shows the modulation techniques, bandwidths, and data rates offered over the GSM, UMTS, LTE, and 5G air interface. From this table, it is observed that even within a particular radio access method, for example, UMTS, the data throughput offered in the downlink (DL) and uplink (UL) directions are different depending on the modulation technique used by it.

Network Architectures, Standardizations Process

Figure 2.9  Illustration: 3GPP systems and air interface evolutions.

GSM

GPRS 2.5G

2G

HSD(U) UMTS PA EDGE 3G 2.75G

WCDMA

FDMA/TDMA

HSPA+

LTE-A

LTE

New Radio

4G

5G

OFDMA, SCFDMA

Table 2.2  Evolutions of 3GPP systems and their air interfaces. System/features

Modulation techniques

Bandwidth

Throughputs

GSM (2G)

GMSK

200 KHz

40 kbps

GPRS (2.5G)

GMSK

200 KHz

171 kbps

EDGE (2.75G)

GMSK, 8-PSK

200 KHz

384 kbps

UMTS (3G)

QPSK

5 MHz

384 kbps

HSDPA (3G) Feature

DL: QPSK, 16 QAM UL: QPSK

5 MHz

DL: 14.4 Mbps UL: 384 kbps

HSUPA (3G) Feature

DL: QPSK, 64 QAM UL: QPSK, 16 QAM

5 MHz

DL: 14.4 Mbps UL: 5.8 Mbps

HSPA+(3G) Feature

DL: QPSK, 64 QAM UL: QPSK, 16 QAM

5 MHz

DL: 21–42 Mbps UL: 11 Mbps

LTE (4G)

DL: QPSK, 64 QAM

1.4, 3,5, 10, 15,20 MHz

DL: 300 Mbps UL: 75 Mbps

LTE-A (4G)

DL: QPSK, 64 QAM

1.4, 3,5, 10, 15, 20 MHz

DL: 3 Gbps UL: 1.5 Gbps

5G

QPSK, 16/64/256 QAM

5 to 400 MHz

DL: 20 Gbps UL: 10 Gbps

As shown in Table 2.2, the UMTS features and the LTE and 5G system air interface use the different modulation techniques in the UL and DL directions between the UE and RAN. Using GMSK modulation, one modulation symbol can carry 1 bit of data; one QPSK modulation symbol can carry 2 bits of data; one 16 Quadrature Amplitude Modulation (QAM) modulation symbol can carry 4 bits of data; and so on. The number of data bits transmitted per modulated symbol is called the modulation order. The throughput offered by different modulation techniques is shown in the fourth column. UMTS features High-Speed Downlink Packet Access (HSDPA) and High-Speed Uplink Packet Access (HSUPA) are known as the High-Speed Packet Access (HSPA) method in the DL and UL directions, respectively. The HSPA+ feature is called as the evolution of the HSPA method. These access methods use the same modulation technique, i.e. QAM, but with different modulation orders. HSPA+ and HSUPA use higher (64) QAM than the HSDPA method. However, the HSPA+ method uses multiple-input multiple-output transmission

15

16

Mobile Communications Systems Development

techniques (MIMO) with two antennas for transmission of data from the UTRAN to UEs. More about the modulation techniques and MIMO transmissions are described later in Chapter 19.

2.3.2  Evolutions of 3GPP Networks Architectures Along the path of evolutions, a new network element may be introduced or an existing one may be eliminated from the AN and CN domain of a particular mobile communications network and its architecture. For example, the LTE system has a simpler architecture having fewer nodes, channels, and less signaling messages than the UTRAN system. Network element such as the GPRS/UMTS SGSN also exists in an LTE/EPS network during the entire 3GPP mobile communications systems evolutions with enhanced roles being added to it. An engineer working on the GSM system will find it easy to understand the various aspects of the GPRS/Enhanced Data for Global Evolution (EDGE) system. Similarly, one will understand the LTE system better having working experience on the UMTS system. Figures 2.10–2.12 show the architectural differences among the different 3GPP systems releases, i.e. Release 99, Release 4, Release 5, and so on. Compare these architectures with the GSM network shown earlier in Figure 2.1 with respect to the network element, interfaces, and signaling systems. More about the 3GPP group and its technical specification is described later in Section 2.5. ●●

Release 99: The First UMTS Release Architecture

The 3GPP Release 99 system architecture that was shown earlier in Figure 2.3 is illustrated again in Figure 2.10 below in a slightly different way. 3GPP Release 99 evolved from the previous GSM/GPRS system in terms of new RAT only and introduces the new AN called the UTRAN, comprising a NodeB and an RNC. This implies that only the air interface had evolved from the TDMA/FDMA in GSM/GPRS system to the WCDMA scheme in UMTS while adapting to the CN elements from the pre-release 99 GSM/GPRS network, with necessary software enhancements. However, as shown in Figure 2.3, new interfaces are being added in the UMTS Release 99 architecture, and they are different from the GSM and GPRS networks.

UTRAN

Figure 2.10  System architecture 3GPP Release 99.

Core Network CS Domain MSC

GMSC

NodeB Signaling Only Voice Path

HLR Signaling Only

RNC

Data Path

PSTN

SGSN

GGSN

PS Domain Release 99 3GPP System Architecture

WWW

Network Architectures, Standardizations Process

Figure 2.11  System architecture 3GPP Release 4.

CS Domain CS-MGW

CS-MGW

MSC Server

GMSC Server

NodeB Signaling Only

Voice Path RNC

PSTN

HLR Signaling Only

WWW

Data Path Signaling

SGSN

GGSN

PS Domain UTRAN

●●

Core Network

Release 4 Architecture: Voice Call Through IP Transport Network

In the 3GPP Release 4 system architecture, Figure 2.11, changes were made only in the CS domain. In the case of the 3GPP Release 99 architecture, the CS domain core network elements – MSC and the GMSC – perform both the user traffic transport and the control/signaling, i.e. call control and mobility, functions. However, in the Release 4 architecture, the MSC has been separated into two entities: CS-Media Gateway (CS-MGW) and MSC Server. CS-MGW handles the transport of user traffic in the form of IP packets only between the RNC and the CS-MGW. The MSC/GMSC Server handles the signaling (call control and mobility management) part only as shown, the dotted line between the RNC and MSC, in Figure 2.11. The signaling activities last for a fraction of time only. The separation of the transport and signaling or control functions between MSC Server and the CS-MGW is achieved through a new Release 4 feature called the Bearer-Independent Core Network (BICN). Because of this, in the CN, IP has been introduced as the new transport network to transport voice call traffic in the form of IP packets only instead of 64 kbits/timeslot format as it was the case during the UMTS Release 99 and pre-Release 99 core networks, i.e. GSM. In these 3GPP releases, a voice call is carried through 64 kbits/timeslot format over the A-interface between the BSC and MSC. ●●

3GPP Release 5 Architecture: All IP Network

The 3GPP Release 5 system architecture is shown in Figure 2.12. In comparison to the previous architectures, this evolution is based on the three major changes that were introduced in the Release 5 architecture: –– An all IP network through the usage of the IP as the only transport network right from the NodeB to the CN elements. –– The introduction of the IMS for multimedia services, e.g. voice call and Home Subscriber Server (HSS) in place of HLR (Release 4). –– High-Speed Downlink Packet Access (HSDPA) feature to increase the data transmission speed from the UTRAN to the UE in the DL direction.

17

18

Mobile Communications Systems Development

Figure 2.12  System architecture 3GPP Release 5.

Traditional Circuit-switched Voice Network NodeB

PSTN

Release 4 Network

HSS

WWW

Signaling Only

SGSN

RNC

GGSN

CSCF

PS Domain All IP Network

MGCF IMS

Release 5 3GPP System Architecture

In this architecture, there is no CS domain, but any CS voice call is routed through the IMS Media Gateway (MGCF) node in Release 5 to the existing Release 4 network. ●●

3GPP Release 8: First Version of LTE System

The network architecture of the Release 8 or the first version of the LTE system was shown earlier in Figure 2.4. From a comparative study of network architectures of the GSM, GPRS, UMTS, and LTE systems, the following characteristics of the Release 8, i.e. first version of the LTE network, can be summarized. –– A simpler and fully PS network based on IP transport, from E-UTRAN to Evolved Packet Core (EPC). The CS domain is no longer available in the LTE and EPC networks. –– Both the AN and the CN domains of the LTE system has evolved, from the previous UMTS system, due to which it is also known as the System Architecture Evolution (SAE). –– LTE/EPC network has a flat architecture with fewer nodes or network elements, resulting in reduced latency and faster exchanges of information between UEs and E-UTRAN. This is because unlike the GSM and UMTS, there is no separate radio controller in the LTE system. Radio controller functionalities are integrated into the eNodeB, and it alone performs the similar functions performed by a GSM BSC and BTS or UMTS RNC and NodeB. –– New EPC network elements – MME, S-GW, and PDN gateway – have been added. Another version of the LTE system architecture is shown in Figure 2.13. Unlike Figure 2.4, the following figure shows the interconnection of the Evolved Packet Core Network elements also, namely, the S-GW, the PDN gateway, and the HSS. The S-GW handles and performs the user data transfer-related function, e.g. packet forwarding and routing, of the EPC network. A PDN gateway, similar to the GGSN of a GPRS network, allocates an IP address to a UE and connects the EPC network to the external IP network. For an overview of the functions by these network elements, refer to TS 23.002 [29]. The EPC network in the 3GPP Release 8 architecture support PS services only. To provide a CS voice call service for a UE registered in an LTE/EPC network, alternate features are used such as the Circuit Switched Fall Back (CSFB) and IMS. More about the IMS and CSFB features are described in later Sections 6.2.1.1 and 6.2.3.

Network Architectures, Standardizations Process

Air Interface: S6a

Uu

MME

HSS WWW

S1 - MME eNodeB

UE

S1 - User

S11 SGi

S5 SGW

PDN

E-UTRAN Evolved Packet Core Signaling /Controlling

User Traffic

Figure 2.13  LTE system architecture with EPC nodes.

2.4  ­Mobile Communications Network System Engineering In Section 2.2, the network domains of a typical mobile communications network have been introduced. Apart from these, there are several other aspects of a mobile communications network that enable network operators to run their network smoothly. Similar to any other systems engineering, a mobile communications network is also an interdisciplinary system that provides various management functions in realizing a successful network while enabling and offering various communications services to subscribers. At a high level, the essential and general systems engineering aspect of each of the mobile communications systems and networks based on the GSM, UMTS, LTE, and 5G systems can be divided into different management areas, as shown in Figure 2.14. These system engineering aspects span across the AN, the core network, and beyond.

2.4.1  Mobility Management Mobility management aspects of a system engineering deals with the capabilities and functions performed by a mobile communications network for enabling the continuation of the current communication services being in use by a moving user. It also deals with keeping track of the current location of a mobile user so that the network could reach and alert the mobile device for an incoming call at any point in time. Other situations where mobility management functions are needed are as follows: Figure 2.14  Mobile communications network systems engineering.

Subscriber and Service Management Security Management

Air interface Management

Mobility Management

Mobile Communications Systems Engineering

Network Maintenance

19

20

Mobile Communications Systems Development ●● ●●

Whenever a mobile device is switched off and on again in the same area or different service areas. The current state of the mobile device, i.e. idle and active and their transition. 5G system mobility management system engineering aspects are described later in Chapter 18.

2.4.2  Air Interface Management In a mobile communications network, the air interface is used to transmit and receive data, i.e. signaling and voice traffic, over a wireless medium between a mobile device and its base trans-receiver station. The air interface uses the radio frequency transmission and forms the basis for the physical layer between the mobile device and the base trans-receiver station. Air interface management deals with the optimum allocation, re-assignment, and releasing of the allocated radio frequency resources in terms of timeslots/channels among the mobile devices. The physical properties and structure of the air interface greatly differentiate one system from another one, i.e. TDMA/ FDMA in GSM, WCDMA in UMTS, and OFDMA/SCDMA in the case of the LTE system. In Section 2.3.1, we discussed how the air interface evolved from the GSM to LTE. 5G system air interface management aspects are described in Chapter 19.

2.4.3  Subscribers and Services Management Subscribers and services management deals with various administrative tasks, as follows: ●●

●● ●●

Subscriber provisioning, i.e. establishes a new subscription, edits, or updates the existing tariff plan details, such as the supplementary services and value-added services, subscribed by a subscriber. Stores subscriber information in a central database. Generates charging, billing, and accounting for subscribers.

2.4.4  Security Management Protecting the user’s identity while engaging in a mobile communications service is a prime concern. As far as the security management functions are concerned, a mobile communications network provides the following facilities: ●●

●● ●●

Authentication, which ensures that only an authorized user/subscriber access mobile communications network services. Subscriber information confidentiality through ciphering/encryption method. Allocation of temporary identity to a mobile device to protect user identity. Security Management aspects are described in Chapter 9.

2.4.5  Network Maintenance Apart from network elements and their software systems, a mobile communications network consists of various active and passive infrastructures and devices. Network faults cannot be ruled out during the peak load time. Periodic and preventive maintenance minimizes the chances of failures and network downtime. Various tools are used for fault detection as well as correction of network faults. Network management aspects are described in Chapters 10–12. Each system engineering area that is shown in Figure 2.14 is further divided into different subject areas, such as requirements, design, and signaling. The implementation details of each of the management areas shown in

Network Architectures, Standardizations Process

Figure 2.14 shall differ as defined by the concerned 3GPP TSs, from the GSM to the 5G system. For example, in the case of the GSM system, ciphering and encryption are done for messages exchanged between the MS and the RAN only, whereas in the case of the LTE or 5G system, ciphering is also done for messages exchanged between the MS and the core network element. Also, the implementation details of a particular management area mentioned in Figure 2.14 may differ in the case of CS and PS call. For example, in the GSM system, ciphering is performed by the BTS, whereas in the GPRS system, the same is performed by the SGSN. In this book, only the Mobility Management, Air Interface Management, Security Management, and the Network Management system engineering areas are covered. The interested reader is recommended to look for other resources for the subscribers and services management area of a particular mobile communications network.

2.5  ­Standardizations of Mobile Communications Networks 2.5.1  3rd Generation Partnership Project (3GPP) In the preceding sections, we have discussed mobile communications network architectures along with their various network elements which are based on the GSM, UMTS, LTE, and 5G technologies. The interconnected network elements, either from the same or different OEM(s), provide end-to-end mobile communications and broadband services to subscribers. A network element communicates with another network element(s) through a standard protocol like the different PCs, and servers use Transmission Control Protocol/Internet Protocol (TCP/ IP) and other protocols to communicate with each other over the Internet. There are international bodies that define and standardize various standard protocols such as TCP/IP, File Transfer Protocol (FTP), and Internet Control Message Protocol (ICMP). Similarly, the protocols and architectures used in a mobile communications network with interconnected network elements are defined and standardized by an organization called 3rd Generation Partnership Project, shortly called as 3GPP. It is a collaborative effort among different organizational partners. Those partners are ARIB, ATIS, CCSA, ETSI, TTA, TTC, and TSDSI, which are regional and national standards bodies, from Asia, Europe, and North America. See Figure 2.15. The 3GPP and its organizational partners develop and standardize the architectures and protocols used in a mobile communications network. In a nutshell, start visiting the 3GPP site [1] right away to learn more about the 3GPP and its structures and crawl through the various information available under the different pages. The 3GPP site contains all the required information which is a key to know about the standardization processes of mobile communications systems and networks and their network elements that span across its different system engineering areas. A mobile communications network, consisting of the system engineering areas CCSA 3GP shown in Figure 2.14, that is conforming to 3GPP specifications is said to be a 3GPP compliant communications system. ETSI TTC

2.5.2  3GPP Working Groups Within the 3GPP, there are four technical specification-working groups (TSG) dealing with a particular area of work. Those groups are: ●● ●● ●● ●●

RAN, Service and Systems Aspects (SA), Core Network and Terminals (CT), and GSM EDGE Radio Access Network (GERAN).

ARIB

3GPP Organizational Partners

TTA

TSDSI

ATIS

Figure 2.15  3GPP organizational partners/ members.

21

22

Mobile Communications Systems Development

Each of the above areas/groups has further subgroups, such as RAN1, RAN2, RAN3, RAN4, RAN5, and SA1 to SA6, depending on a work area. For details, visit the specification group link on the 3GPP site [4] to know about the different working groups and their area of responsibilities. There is a table named “Project Co-ordination Group (PCG)” containing hyperlinks for various working groups which could be explored further by clicking on the same. 3GPP specifies: ●● ●● ●●

Maintenance and evolution of radio access technologies starting from GSM (2G) to 5G and beyond. Maintenance and evolution of core network and system architecture starting from GSM (2G) to 5G and beyond. Service layers such as GSM Services and IMS.

2.5.3  3GPP Technical Specification and Technical Report In our day-to-day life, we use different electronic gadgets just in a plug and play way. Similarly, one can remove a SIM card from a phone, insert it into another phone with a different make and model, and start using it. All these are possible only when those devices are designed and works based on certain standards/protocols. The network elements of a mobile communications network are also designed and work on certain protocols as defined by the 3GPP. A particular protocol layer, and its various aspects, as defined by the 3GPP, is identified under a standard terminology called “Technical specification”, or “TS” in short. There is another terminology called “Technical Report”, shortly called as “TR”. A TR is for an informational purpose which is the result of a study phase/item on a particular area. A TR, later on, may lead to a technical specification. A technical specification is a standard specification as a result of a work item based on a TR. A sample cover page of a 3GPP technical specification is shown in Figure 2.16. Look at the information that is available on the cover page of a 3GPP technical specification; see Figure  2.16. For example, 3GPP TS 22.060: “General Packet Radio Service (GPRS); Service Description; Stage 1” and 3GPP TS 23.060: “General Packet Radio Service (GPRS); Service Description; Stage 2”; and so on. To decode and derive the relevant information, one must be aware of the nomenclature being used to identify a TS. Meaning and decoding of the various information available in 3GPP technical specifications are described in the subsequent sections of this book. Visit the 3GPP site [2] to get familiarity with the nomenclature. Knowing the nomenclature and picking the correct 3GPP TS is very important from the conformance point of view.

3GPP TS 22.060

V11.0.0 (2012-09) Technical Specification

3rd Generation Partnership Project; Technical Specification Group Services and System Aspects; General Packet Radio Service (GPRS); Service description; Stage 1 (Release 11)

2.5.4  Stages of a 3GPP Technical Specification A 3GPP technical specification may be divided into stages such as Stage1, Stage2 and Stage 3. Descriptions and purposes of each stage are shown in Figure 2.17. In this case, the titles of the technical specifications will be the same, but they will have different specification numbers. The cover page of a sample technical specification shown in Figure 2.16 shows the “Stage1” of the technical specification.

2.5.5  Release Number of 3GPP Technical Specification Figure 2.16  Example of a cover page of a 3GPP technical specification. Source: © 2012. 3GPP ™ TSs and TRs are the property of ARIB, ATIS, CCSA, ETSI, TSDSI, TTA and TTC who jointly own the copyright in them. © 2012, 3GPP.

3GPP technical specifications are grouped into a particular “Release”. A mobile communications system and the network could be developed based on the set

Network Architectures, Standardizations Process

Figure 2.17  Illustration: different stages of a 3GPP TS.

Stage 1

It contains the description of the various services requirements being offered from the services end user point of view.

Stage 2

It contains the logical analysis, breaking the system into functional network elements/nodes. It also describes the information flow amongst them across the logical interface.

Stage 3

It contains the detailed implementation of the protocol stack and layers appearing at the physical interfaces between physical network elements into which the functional elements have been mapped.

of all the specifications that belong to a particular release. A mobile communications system and its node/element is said to be compliant or conforms to a particular release. A list of 3GPP releases available so far is mentioned later in Section 2.6. From the sample cover page of the TS 23.060 [31] shown in Figure 2.16, the corresponding release number is 11 that is derived from the version field: V11.0.0.

2.5.6  3GPP Technical Specification Numbering Nomenclature ●●

Series Number

Each 3GPP protocol layer has a unique technical specification number. An analogy to a technical specification is the Request for Comments (RFC) number, e.g. RFC 1234, defined by the Internet Engineering Task Force, of a particular protocol such as ICMP. The technical specification numbering system is like this: ab.xyz or ab.xy where the first two digits, i.e. ab, identifies the series number of the technical specification. This is further followed by either 3 digits (e.g. xyz) for series from 21 to 55 or 2 digits (e.g. xy) for series from 01 to 13. For example, consider the cover page of the sample TS 22.060, shown in Figure 2.16. The corresponding technical specification number is TS 22.060, where 22 is the series number here. There are large numbers of technical specifications, or standards, for different areas of the mobile communications networks based on the GSM, GPRS, UMTS, LTE, and 5G technologies. Those technical specifications cover the different system engineering aspects of a mobile communications network as described in Section  2.4. Technical specifications of related protocols or subject areas (e.g. signaling, service aspects) of a particular mobile technology are grouped into so-called “specification series”, for example, 3GPP TS 44 series, 24 series specifications, and so on. Within a particular series, all the technical specifications of a related protocol or protocol stack can be found. Visit the 3GPP site [2] for the lists of technical specifications series that are available in each of the mobile communications technologies, such as GSM, GPRS/EDGE, UMTS, LTE, and 5G (second, third, fourth column) under a particular subject area (first column). The specification is organized into the following categories: –– 3G (UMTS) and beyond/GSM (R99 and later), covering the 5G also; –– GSM only (Release-4 and later); and –– GSM only (before Release -4). Start with and look at the standard specification(s) for a particular mobile communications technology domain (column (2) or (3) or (4)) of your interest. For the complete list of the technical specification series, the reader is advised to visit the 3GPP site [2]. Note that after Release 4 or R4, the old GSM specification numbers are increased by 40 (second column from right in [2]), whereas the UMTS standards or specification numbering is lowered by

23

24

Mobile Communications Systems Development

20 numbers (second column from left in the table appearing on this web site page) corresponding to each GSM standard. Thus, the GSM standard 01.0x has now become GSM 41.00x and UMTS 21.xxx. Note that technical specifications of a particular mobile communication technology such as GSM, EDGE, UMTS, LTE, or 5G could span across multiples series. For example, LTE and 5G have the dedicated specifications series, i.e. 36 and 38; see the 3GPP site [2]. However, one can also find LTE protocol layer-related specifications/information in other series such as the TS 24.008[45]. ●●

Version, Release Number of a 3GPP Technical Specification

Each 3GPP technical specification has its version number in the form of a.b.c. The meanings are as follows: –– a This is the release field. It is incremented each time a major new functionality is added to the concerned mobile communication technology area such as GSM, GPRS/EDGE, UMTS or 5G system. –– b This is the technical field. It is incremented each time a technical change is made to the concerned technical specification. Note that the technical information field is reset to zero every time the release field is updated. –– c This is the editorial field. It is incremented each time an editorial change is made to a specification. Note that it is reset to zero every time the technical field is updated. For example, TS 44.060 V6.0.0 means that it belongs to 3GPP Release 6. Open a technical specification and have a look at the meaning of each number. One should consider referring to a specification having the first digit of the version as 3 and above because that is the version of the specification under change control. More about the version numbering scheme could be found by visiting the 3GPP site link [5].

2.5.7  Vocabulary of 3GPP Specifications For a list of glossaries of terms, their definition, and the abbreviations as found in various 3GPP specifications as well as in this book, refer to the 3GPP TR 21.905 [24].

2.5.8  Examples in a 3GPP Technical Specification 3GPP technical specifications are full of theories, and one will not find, except in some cases, virtually illustrating examples in any technical specifications. This may make the reader difficult to grasp a particular concept at the first go. In this case, it is highly recommended to study the contents of a particular message or a TS several times. The reader may take the help of an experienced professional/colleague in this regard.

2.5.9  Standardization of Technical Specifications by 3GPP Standardizations of technical specifications are required and important to design interoperable systems by different vendors/OEMs. Because of standardizations, one can use various telecommunications services from different service providers using varieties of handheld devices such as Mobile and POS terminal.

2.5.10  Scope of 3GPP Technical Specification (TS) A particular 3GPP technical specification description may cover all the systems. A TS specifies its applicability/scope to other mobile communications systems such as the GERAN, UMTS, LTE, and 5G. Pay attention to this fact. For example, click on any specification series for a particular subject area on the 3GPP site [2]. All the technical specifications shall be presented under that particular series. Now, further, click on any

Network Architectures, Standardizations Process

technical specifications. A new window shall be opened, and from there, one can find the scope and applicability, under Radio Technology, of the technical specification being clicked. Below the Radio Technology, there is a link by clicking which all the versions/releases of the particular technical specification can be downloaded. The first section of every technical specification also describes its scope. Moreover, the first page of every technical specification displays the GSM or LTE or LTE Advanced or 5G logo depending on the scope.

2.5.11  3GPP TS for General Description of a Protocol Layer A 3GPP protocol layer may perform several important functions and procedures. The functions and procedures performed may be split into several individual technical specifications. For such a protocol layer, it contains an introductory technical specification too, for example, LTE TS 36.201 [89] and 5G NR TS 38.201 [105], which provides an overview and a general description of the concerned protocol layer. The introductory technical specification also describes the detailed relationships among the split technical specifications. It may be also noted that for the same protocol layer, for example, in the case of the UMTS physical layer, there may be separate technical specifications depending on its duplexing modes, i.e. Frequency Division Duplex (FDD) and Time Division Duplex (TDD), of transmission which is used by the physical layer. However, in the LTE and 5G NR system, no separate technical specification is used to describe the physical layer functions and procedures working in the TDD and FDD mode.

2.5.12  3GPP TS Drafting Rules: Deriving Requirements To derive various technical, functional, and other requirements without any ambiguity, the contents of a 3GPP technical specification should be understood and decoded properly. A 3GPP technical specification description contains the following types of requirements. ●●

Normative

Such requirements must be complied with. ●●

Informative

Such requirements if ignored, it does not matter. Note that a technical report is always an informative one. To identify the above requirement types, a 3GPP specification/text description may contain the following auxiliary verbs: ●● ●● ●● ●●

Shall/Shall not – This is a normative and implies a mandatory requirement. May/Need not – This is a normative and optional requirement. Should/Should not – This is a normative and Recommendation requirement. Can/Cannot – This is a normative and possibility/capability requirement.

Also, a 3GPP technical description is described using an active voice rather than a passive voice. For example, “The MS shall perform. . .” rather than the “. . .routing area update shall be performed by the MS”.

2.5.13  Download 3GPP Technical Specifications 1) Visit the 3GPP site [2]. 2) Select a subject/area and the particular technical specification series. Select a technical specification of interest to download. Click on the Click to see all versions of this specification to download a specification for a particular release.

25

26

Mobile Communications Systems Development

2.5.14  3GPP Change Requests An introduction of a new feature as part of a release is documented in the form of a Change Request. The affected technical specifications due to a new feature are captured under a particular Change Request. Given a Change Request number, the affected technical specifications may be downloaded from the 3GPP portal https:// portal.3gpp.org/ChangeRequests.aspx. One can find the relevant changes introduced in each affected technical specification due to a new 3GPP feature.

2.5.15  Learnings from 3GPP Meetings TDocs Many technical documents (TDocs) in the form of written contributions are produced as a result of various meetings held among the 3GPP technical specifications working groups mentioned in Section 2.5.2 and other stakeholders. To produce a version of a technical specification, numerous meetings are held. Visit the 3GPP site [2] and follow the steps mentioned in the previous section. Click on the tab Versions. Look at the Meetings column under a particular Version. Click on any Meeting number to display the various written contributions (TDocs) under the “List of TDocs” link. A TDoc or a written contribution contains highly technical discussions, observations, and proposals, in a particular area/topic of the concerned technical specification. One can acquire a great deal of knowledge from such a TDoc, which can be used as supplementary information. If a particular aspect is not clear from a technical specification, a TDoc may be referred for more information on the related area.

2.6 ­3GPP Releases and Its Features The 3GPP technical specifications are organized into different versions called “releases”, such as Release 99, Release 4, Release 5, Release 6, Release 7, Release 8, Release 9, Release 10, Release 11, Release 12, Release 13, Release 14, Release 15 and beyond. Various features introduced in each 3GPP releases are summarized in Table 2.3. Some of these 3GPP releases involve the SAE right from the GSM to the 5G system as described earlier in Section 2.3. However, some of these releases involve the introduction of additional features only to improve the existing data transmission rates. New functionality or enhancement to an existing release is also added in each subsequent release. The Release 99, shown in Figure 2.10, was the first version where UMTS came into existence which evolved from the GSM/GPRS system in terms of the new RAN, UTRAN. Subsequent releases of the UMTS Table 2.3  Summary of 3GPP Releases and their features. 3GPP Releases

Features

Release 99 [Year: 2000]

UMTS First Release, combination of GSM and UMTS, voice call through E1 interface.

Release 4 [Year: 2001]

●●

●●

UMTS core called Bearer-Independent Core Network (BICN)/Next-Generation Network, Splitting architecture, separating control plane and data plane

Release 5 [Year: 2002]

IMS, HSDPA, all IP network

Release 6 [Year: 2005]

HSUPA

Release 7 [Year: 2007]

HSPA+

Release 8/9 [Year: 2010]

LTE E-UTRA/LTE Baseline Release

Release 10 [Year: 2011] and beyond

LTE-Advanced, Career Aggregation

Release 15 and Beyond

5G System

Network Architectures, Standardizations Process

UTRAN introduced new features offering increased data transmission rates. Similarly, 3GPP Release 8 was the first version of the LTE system, and Release 15 was the first version of the 5G system. Prior to Release 99, 3GPP technical specifications releases were known by the corresponding year such as Release 1997 and Release 1998. However, after the Release 99, 3GPP technical specifications releases are known by the corresponding version number only such as Release 4 Release 5 and beyond. A new 3GPP release details are described through its own and dedicated technical specifications series. However, because of a new feature or functionality, an existing technical specification from a previous release version may be also impacted. Details of such information can be derived from the 3GPP release descriptions document available on the 3GPP site [3]. Apart from the introduction of a new feature in each 3GPP release, a new message(s) or a new information element(s) or a new type of channel, either in DL or UL, to an existing protocol layer may be also added. For further details on each of the above releases, visit this 3GPP site [3].

­Chapter Summary In this chapter, we have presented the introductory architectures, the various domains or areas, and the network elements of mobile communications networks based on the GSM, UMTS, and LTE systems. The 5G system is also covered in appropriate sections of this chapter. We then presented the global 3GPP standardizations process of various technical specifications based on which mobile communications systems and networks are designed and built. The evolutions of mobile communications systems and networks in terms of 3GPP system architectures release are also discussed. The reader is advised to get familiar with the various aspects of a 3GPP TS. To start with, select a particular mobile communications system and then use the 3GPP specification series [2] as the guiding resources to download and study the technical specifications of a particular series and the subject area of interest. Get an overview of the various protocol layers, interfaces, procedures, and functions performed by a particular network element. This chapter was the introductory one, for the reader, whose contents are general in nature and thus applicable to the 5G system also. The various protocols, procedures, and functions performed by a mobile communications network and its elements/entities shall be described in detail in the subsequent chapters of this book. Design, development, and implementation aspects of a network element in the software code shall be also presented in the subsequent chapter.

27

29

3 Protocols, Interfaces, and Architectures ­Introduction This chapter covers the protocol architectures of network elements of mobile communications networks based on the Global System for Mobile Communication (GSM), Universal Mobile Telecommunication System (UMTS), Long-Term Evolution (LTE), and 5G systems as defined by the 3rd Generation Partnership Project (3GPP). The protocol stack, its layer, and the architecture of a mobile communications network are different from the traditional Internet Protocol (IP) networks. Nevertheless, the protocol stack and layers of a mobile communications network can be studied in parlance with the OSI-7-layer reference network architecture. Developers must have understandings of the architectural aspects of protocol stack and its layers as it is core to the design and development of network elements of mobile communications systems and networks. We begin with the basic means of communication between two peer protocol layers of network elements irrespective of the mobile communications system and network being used. Following this, we present the concept of sublayering of a protocol layer performing different functions and procedures of each protocol sublayer. We then present how protocol layers are grouped in case of the UMTS, LTE, and 5G systems based on the peer-to-peer communication between a User Equipment (UE) and the radio access network (RAN) and between UE and core network (CN). Classification of individual protocol layers is also presented based on the nature of functions performed by each layer. We also present the working model of a protocol layer based on which it provides services to its upper layer or uses the services from a layer below it. We close this chapter with another aspect of peer-to-peer protocol layer communications, which is protocol layer termination.

3.1  ­Protocol Interface and Its Stack Network elements of mobile communications networks are designed and developed based on a set of standard protocols and specifications as defined by the 3GPP. A protocol interface is a communication path that is established between two network elements. Each network element and its protocol layers communicate with the peer network element and its protocol layers through a particular interface. The related protocol layers or the protocol stack, supported by a network element, are organized into a protocol interface. Over a particular protocol interface between two network elements, they exchange various signaling messages corresponding to a particular function and procedure such as the following ones: ●● ●●

Call Control Management, i.e. a call establishment, maintenance, and its releasing; Mobility Management and Session Management (SM);

Mobile Communications Systems Development: A Practical Introduction to System Understanding, Implementation, and Deployment, First Edition. Rajib Taid. © 2021 John Wiley & Sons Ltd. Published 2021 by John Wiley & Sons Ltd.

30

Mobile Communications Systems Development ●● ●●

Radio Resource Management, Handover, and Power Control Management; and Interworking, Interoperations, Roaming Management, and so on.

A protocol interface also carries user data or traffic between two network elements. A protocol interface between two network elements could be physical as well as logical as described below. A logical interface may be a point to point, i.e. direct, or may span through several network elements. A logical interface works on top of a physical interface.

3.1.1  Physical Interface The physical interface defines the electrical characteristic of the physical transmission media being used for the actual transmission and reception of information between a sender and receiver. Consider the physical Cat5 cable or its other variants used in a Local Area Network to transmit and receive upper/lower layers information. Application data received from the upper layers are converted into Ethernet frames. The network interface card (NIC)/Ethernet chipset generates the required electrical signals to transmit the frames through the Cat5/6 physical cable/layer. The NIC/Ethernet driver also knows when to read and write binary data from the physical interface and layer. Similarly, in the case of a mobile communications system also, various physical transmission interfaces/media are used across the different systems, i.e. GSM to 5G, to transmit either signaling or user traffic between two network elements. Being the GRPS CN, LTE/Evolved Packet Core (EPC) and 5G as an IP network-based system, the IP transport network is used to transmit and receive information among their network elements. Examples 3.1 and 3.2 below illustrate the typical physical interfaces found in mobile communications systems, from the GSM to the 5G system.

3.1.2  Logical Interface In computer network programming, an interface is a logical point, such as a socket where two different applications/systems exchange information and communicate with each other in terms of a protocol data unit (PDU). Similarly, in the case of mobile communications networks also, two different network elements communicate, either signaling or user data, with each other using a set of predefined messages or PDUs. These collective PDUs or messages define the particular logical interface between two network elements. A logical interface works on top of a particular physical interface. Using a logical interface, network entities exchange both the user data and signaling information in the form of a message or a PDU. For example, consider Example 3.1  GSM E1 Physical Interface One of the most commonly used physical interfaces is the E1, which is defined under the standard G.703 of ITU-T [12]. An E1 physical interface is not only used in the mobile communications system but also used in other systems to carry voice, data, and so on. For example, E1 physical interface is used between the GSM Base Station Controller (BSC) and Base Transceiver Station (BTS); GSM BSC, and Mobile Switching Center (MSC), or between the MSC and Serving GPRS Support Node (SGSN) for the Gs interface. An E1 physical interface has two pair/four wire cables for both Receive (RX) and Transmit (TX) purposes. The total bandwidth supported by the E1 interface is the 2 Mbps that is divided into 32 timeslots of 64 kbps each. Each 64 kbps timeslot is again divided into four sub-timeslots. A sub-timeslot can be allocated to a GSM voice call or General Packet Radio Service (GPRS) data communication purpose. Figure  3.1 illustrates the configuration and usages of an E1 physical interface to carry signaling as well as user traffic. Using an E1 interface, several transceivers (TRXs), along with their signaling channels, of a BTS can be configured.

Protocols, Interfaces, and Architectures

Figure 3.1  Illustration: physical E1 interface configuration for GSM A-bis interface.

TRX A-bis Logical Interface ……. B

B

Layer 3

T

S

Layer 2

S

C

Layer 1

E1 Physical Interface Cable E1 Frame Size = 256 bits, E1 Interface Bandwidth = 32 TS * 64 kbps = 2 Mbps TS0.1

TS 1.1

T

T

T

….

T

TS31.1

TS0. 2

TS 1.2

T

T

T

….

T

TS31. 2

TS0. 3

TS 1.3

T

T

T

….

T

TS31. 3

TS0. 4

TS 1.4

T

T

T

….

T

TS31. 4

16 kbps

T: Traffic Time Slots for Voice Call. TS 31: O&M Signalling

Example 3.2  Mobile Communications Networks and Their Physical Air Interface An MS/UE communicates with the RAN of the GSM/GPRS, UMTS, LTE, and 5G systems through their respective air interface between them. The air interface is the physical interface where the actual physical link/interface/ transmission media used over the air interface is the radio wave. A radio wave carries the modulated information between the UE/MS and RAN and vice versa. The air interface between the MS/UE and GSM RAN, UMTS UTRAN, LTE Evolved-UMTS Terrestrial Radio Access Network (E-UTRAN), and 5G RAN is illustrated, in general, in Figure 3.2 below. Figure 3.2  Illustration: physical air interface for GSM, UMTS, LTE, and 5G NR systems.

Physical Air Interface Radio Wave

MS

Radio Access Network

the GSM A-bis interface between the BTS and BSC and the A-interface between the BSC and the MSC. Both of these logical interfaces work on top of the physical E1 interface to transport signaling and user traffic in a GSM network. Typical signaling messages exchanged over the A-bis interface are radio resources request and allocation to an MS and its release and so on.

31

32

Mobile Communications Systems Development

A logical interface may consist of a protocol stack that may contain several protocol layers in it. Protocol layers are grouped into a particular logical interface which is known by a particular logical interface name for ease of its identification. Examples 3.3 and 3.4 below illustrate the typical logical interfaces found in the LTE/EPS and the 5G system. The S1 logical interface between the LTE eNodeB and EPC contains two types of protocol stacks that are used to carry signaling and user data; see Figure 3.3a and b: ●● ●●

User data transmission protocol, also called user plane, S1-U. Signaling or control plane protocol, called control plane, S1-Application Protocol (AP).

Similarly, the NG logical interface between the 5G NG-RAN/gNB and UPF contains two types of protocol stacks that are used to carry signaling and user data; see Figure 3.3a and b: ●● ●●

User data transmission protocol, also called user plane, NG-U. Signaling or control plane protocol, called control plane, NG-AP.

The S1-U or NG-U user plane protocol stack is used to transfer user traffic or data between the respective RAN (LTE eNodeB or 5G gNB) and its CN element (LTE/EPS MME or 5G UPF). The control plane protocol stack, S1-AP(LTE/EPS) or NG-AP (5G), is used to transfer signaling messages between the respective RAN (LTE eNodeB or 5G gNB) and its CN element (LTE/EPS MME or 5G AMF). Figure 3.3a shows side-by-side the S1-U and NG-U user plane protocol stacks, and Figure 3.3b shows the S1-AP and NG-AP signaling or control plane protocol stacks.

Example 3.3  LTE/EPC S1 Logical Interface and 5G NG Logical Interface Consider the S1  logical interface between the eNodeB and the EPC (consisting of Serving Gateway (S-GW), Mobility Management Entity (MME), and packet data network gateway (P-GW)) in the case of the LTE/EPC network. Similarly, consider the NG logical interface between the Next Generation Radio Access Network (NG-RAN)/gNB and the User Plane Function (UPF) in the case of the 5G network. Refer to Figure 3.3a and b. (a) User Data

User Data

GTP-U

GTP-U

UDP

UDP

IP

IP

L2

L2

L1

L1

LTE/EPS S1 User Plane

5G NG User Plane

(b)

S1-AP

NG-AP

SCTP

SCTP

IP

IP

L2

L2

L1

L1

LTE/EPS S1 Control Plane

5G NG Control Plane

Figure 3.3  (a) LTE S1 and 5G NG logical interface: user plane. (b) LTE S1 and 5G NG logical interface: control plane.

Protocols, Interfaces, and Architectures

Figure 3.3 shows that the S1-U and NG-U or the S1-AP and the NG-AP have the same protocol stack over the IP transport network. Protocol layer classifications under user plane and control plane protocols are described later in Section 3.2. Example 3.4  LTE Logical Interfaces with the Same Protocol Stack In the LTE/EPS mobile communications network, several logical interfaces may have the same protocol stack and its transport network. For example, consider the IP transport-based logical interfaces: S3 (MME-SGSN), S4 (S-GW-SGSN), S5 and S8 (S-GW – P-GW), S10 (MME-MME), and S11 (MME-S-GW) that are used among the several network elements of an LTE/EPS network. These logical interfaces have the same protocol stack on top of the IP transport network, i.e. UDP/IP, which is used to tunnel IP payload from one network element to its peer. Refer to the illustration shown in Figure 3.4. IP payload is tunneled through a protocol called GPRS Tunneling Protocol (GTP) in an encapsulated manner. GTP PDUs between two network elements are transported on top of the underlying IP transport network. Figure 3.4  LTE/EPS logical interfaces: S3, S4, S5, S8, S10, and S11 protocol stack.

GTP-User or GTP-Control UDP IP Data Link Layer Physical Layer

Note that in the case of the LTE/EPS system, the GTP control plane Version 2 (GTP-C v2) [70] is used in all the logical interfaces mentioned above to carry signaling information between their respective network elements. But in the case of the GPRS/UMTS system, GTP control plane Version 1 (GTP-C v1) TS 29.060 [67] is used. Similarly, the GTP-user plane, TS 29.281 [72], protocol is used to carry user traffic/data between their respective network elements. To achieve successful interoperability between two network elements from two different vendors, it is important to understand the concerned protocol specification, encode/decode, and implement correctly each message/ PDUs defined in a particular logical interface and its protocol specification. Different logical interfaces may use different physical transmission media to transport the messages of a logical interface. All the IP transport-based mobile communications protocols will use the Stream Control Transmission Protocol (SCTP) RFC 4960 [17] or UDP protocol suite and UTP CAT cable as physical media.

3.1.3  Logical Interfaces’ Names and Their Protocol Stack In a computer network, the TCP/IP protocol suite has a collection of protocols that are classified and grouped into four layers, namely the application layer, transport layer, network layer, and the physical layer. By referring to the TCP/IP protocol suite, one can easily recall the various layers and protocols available under it. Similarly, a logical interface in mobile communications networks also consists of a protocol stack and its layers. To identify and refer such protocol stack and its layers, each logical interface is given an identification name that begins with a capitalized English alphabet letter. For example, in the previous section, the LTE/EPS logical interface S1 or 5G NG logical interface was discussed. Similar examples of other logical interfaces are A-interface

33

34

Mobile Communications Systems Development

between the BSC and MSC, Gs interface between the MSC and SGSN, A-bis interface between the BTS and BSC, Iu interface between RNC and MSC, and so on. There are large numbers of logical interfaces connecting different network elements of GSM, GPRS, UMTS, LTE/EPS, and 5G networks. To provide a brief overview to the reader, the following Tables 3.1 to 3.4 lists the names of some of the logical interfaces, second row, along with their network elements, first row, used in the GSM, GPRS, UMTS, and LTE/EPS networks. The reader may refer to the corresponding technical specification(s) which are available on the 3GPP site [1] for further information on the logical interfaces mentioned in Tables 3.1 to 3.4. Table 3.5 summarizes the various logical as well as the physical interfaces being used between the respective RAN and the CN in the GSM, GPRS, UMTS, LTE, and 5G systems. Table 3.1  GSM and GPRS system network elements and logical interfaces. Air Interface (MS-BSC)

BTS-BSC

BSC-MSC

BSC-SGSN

SGSN-GGSN

Um

A-bis

A

Gb

Gn

Table 3.2  UMTS system network elements and logical interfaces. Air Interface (UE-NodeB)

Node-RNC

RNC-MSC

RNC-SGSN

SGSN-GGSN

GGSN-WWW

Uu

Iub

Iu-CS

Iu-PS

Gn

Gi

Table 3.3  LTE/EPS network elements and logical interfaces. Air Interface (UE-eNodeB)

eNodeB-MME

eNodeB-S-GW

S-GW - P-GW

P-GW - WWW

Uu

S1-AP

S1-U

S5

SGi

Table 3.4  Interworking features and their logical interfaces. 3GPP Feature: CSFB (MME-MSC)

Feature: SRVCC (MME-MSC, MSC-SGSN)

SGs

Sv

Table 3.5  Logical and physical interface between RAN and CN elements. System

Interface Between Network Element

Logical Interface Name

Physical Interface Name

GSM

BSC

MSC

A-interface

E1

GPRS

BSC

SGSN

Gb-interface

E1, IP Layer 1

UMTS

RNC

MSC

Iu-CS

PDH, SDH, IP Layer 1

SGSN

Iu-PS

PDH, SDH, IP Layer 1

MME

S1(S1-AP)

IP Layer 1

S-GW

S1(S1-U)

IP Layer 1

AMF

NG (NG-AP)

IP Layer 1

LTE 5G

E-UTRAN NG-RAN

Protocols, Interfaces, and Architectures

For more information on all the 3GPP defined logical interfaces, their protocol stack/layers, and network ­elements of mobile communications networks, refer to the 3GPP TS 23.003 [30]. The next section illustrates the logical interfaces and their physical transmission network used in a typical GSM and GPRS network.

3.1.4  Examples of Logical Interface and Its Protocol Layers Section 3.1.2 described the different logical interfaces used among the LTE/EPC or 5G network elements where user data or signaling information is transported over the same underlying IP transport network. However, in a GPRS and GSM network, different transport networks may be used apart from the IP network as illustrated below: ●●

GPRS Gb-Interface Protocol Stack and Layers

In the case of the GPRS system, the Gb-interface between the BSC and the SGSN is used for transferring the signaling and user data exchanged between the MS and the SGSN. The GPRS Gb interface consists of the following applications protocol layers: –– BSSSGP – Base Station Subsystem GPRS Protocol –– NS – Network Service The Network Service (NS) layer is further divided into the following components: –– Network Service Control (NSC) Protocol –– Sub-Network Service (SNS) Protocol The Gb interface stack with the above protocol layers follows the protocol structure shown in Figure 3.5. Below the NS layer, there are two transmission network protocols, having its physical layer and media that can be used to exchange upper-layer information between the Base Station Subsystem (BSS) and the SGSN. Those transport networks are: –– Frame Relay (FR) Protocol Transmission Network and –– IP Transmission Network. Based on the transmission network protocol, Frame Relay, or IP, shown in Figure 3.5, the concerned physical layer shall be used accordingly. Note that the Gb-interface cannot use both the Frame Relay and the IP transmission network simultaneously but shall use only one transmission network, either Frame Relay or IP, at a time.

Figure 3.5  GPRS: Gb-interface protocol stack with IP and frame relay transport network. BSSGP Layer Network Service Layer Network Service Control Protocol Sub-Network Service Protocol

Frame Relay E1 Interface Physical Layer

IP Data Link Layer IP Interface Physical Layer Gb Interface

35

36

Mobile Communications Systems Development

The particular transmission network to be used is configured by the operator and maintenance personnel, and it is taken care of by the SNS Protocol at the NS layer level. The NS Control Protocol deals with transferring of the information of the upper layer in the form of NS Data Units (NS SDU), whereas the SNS Protocol deals with the management of the underlying transmission network protocol (Frame Relay or IP) to be used at a time to transfer upper-layer information. For further details on the GPRS NS layer, refer to TS 48.016 [135].

Protocol Classifications of Logical Interface

Circuit Switched

Packet Switched

User Plane

User Plane

Control Plane

Control Plane

Figure 3.6  Protocol layers classifications in GSM, GPRS, UMTS, LTE, and 5G systems.

3.2  ­Classifications of Protocol Layers In a mobile communications network, the circuit-switched (GSM, UMTS) or packet-switched (UMTS, LTE, 5G) domain protocol layers of a protocol stack that belongs to a particular logical interface are classified into the following categories (Figure 3.6): ●● ●●

Control Plane or Signaling Plane User Plane or Data Plane

3.2.1  Control Plane or Signaling Protocols ●●

What is a Signaling Message?

One important aspect of a mobile communications network is the “signal” that is exchanged between the network elements. Mobile communications signaling is nothing but an exchange of information between the concerned network elements prior to providing communications services to a subscriber or another network element. Signaling messages among the network elements are exchanged to reserve resources as part of the call setup and release the resources as part of the call release procedure. In addition to this, signaling messages are exchanged to carry out various functions and procedures among the network elements of GSM/GPRS, UMTS, LTE/EPS, and 5G networks. By exchange of signaling information among the network elements, necessary logical objects, or contexts, a database of various information is created at the UE/MS, RAN, and CN end. Information such as the capabilities of a particular MS/UE, radio access, and CN capabilities and their features, information about a subscriber, and so on are also exchanged only through signaling, which is updated at the UE/MS, RAN, and CN end. In a traditional Public Switched Telephone Network (PSTN) fixed network also, signaling functions are performed for call establishing, maintaining, and supervision and call release. Note that control/signaling plane messages last for a fraction of a second only to setup and release a call or to perform other procedures among the network elements. Before a user can start communications services, a signaling procedure or phase must be completed successfully between a UE/MS and the RAN, between the RAN and CN, and between the UE and CN. For example, an MS/UE must be registered with the CN through a successful GSM location area or GPRS routing area or LTE/EPS tracking area update or 5G Registration Request procedure. Prior to performing such signaling procedures, a UE/MS must request and be allocated the necessary radio resources by the GSM BSC, UMTS RNC, or LTE eNodeB or 5G NG-RAN through signaling only. All such signaling procedures in a particular mobile communications network are performed by its control plane protocol stack and its layers only. If there is a signaling congestion situation in a network, an MS/UE would not get the requested resources from the network. Thus, a mobile user would not be able to make a circuit-switched (CS) or a packet-switched

Protocols, Interfaces, and Architectures

(PS) call. This would further require the troubleshooting of the issue or a proper radio network planning by the operator. ●●

LTE/EPS Network Control Plane Protocols: UE – eNodeB – MME

Figure 3.7 shows the end-to-end control plane protocol layers of an LTE network, which is reproduced from TS 23.401 [39]. The LTE air interface control plane protocol layers between the UE and E-UTRAN are Radio Resource Control (RRC), Packet Data Convergence Protocol (PDCP), Radio Link Control (RLC), and Media Access Control (MAC) layer. Between the UE and the MME, the control plane protocol layer is known as the Non-Access Stratum (NAS) layer, consisting of the EPS Mobility Management (EMM) and ESM protocols. On the CN side, the control plane protocol is S1-AP/MME AP between eNodeB and MME. The S1-AP control messages are transported over the SCTP [17]. The EPS mobility and SM layer performs similar functions and procedures as described above for the GPRS control plane protocols. The RRC protocol layer is responsible for providing a reliable link between the UE and the MME in the case of the LTE/EPS network (Figure 3.7). Beyond the LTE/EPC MME, it uses the GTP control plane [11] protocol to perform tunnel management procedures with the S-GW. The Relay as shown in Figure 3.7 is not a protocol layer but an application module that is responsible for the reconstruction or reassembly of information transmitted by the lower layer, i.e. RLC or RRC. A common module also available in GPRS, UMTS, LTE RAN, and 5G NG-RAN is the Relay module. In the GPRS/UMTS system, the Relay module forwards the reformatted data to the GPRS BSSGP or UMTS Radio Access Network Application Part (RANAP) layer in terms of PDUs for onward transmission to the SGSN over the Gb or Iu-PS interface. Similarly, in LTE/EPS, the Relay module forwards data to the MME over the S1 interface. In 5GS, the Relay module forwards data to the AMF and UPF. The relay module is required to follow the underlying protocol layer details to reassemble their data for onward transmission to the CN. ●●

Functions of Control Plane Protocol: Air interface

The control plane protocol stack performs different functions according to its logical interface. From the air interface point of view, some of the common functions and procedures, in general, performed by the control plane protocol stack and layers in the GSM, GPRS, UMTS, LTE/EPS, and 5G system are as follows. These functions are similar though their protocol layer specification and implementation aspects are different: –– Broadcasting of network system information to mobile devices, –– Radio resource allocation for CS (GSM) and PS services. –– CS (GSM) and PS call setup, supervise, and its release,

NAS

NAS

Relay

RRC

S1-AP

RRC

S1-AP

PDCP

PDCP

SCTP

SCTP

RLC

RLC

IP

IP

MAC

MAC

L2

L2

L1

L1

L1

UE

LTE-Uu

eNodeB

L1 S1-MME

MME

Figure 3.7  LTE network end-to-end control plane protocol layers. Source: © 2015. 3GPP ™ TSs and TRs are the property of ARIB, ATIS, CCSA, ETSI, TSDSI, TTA and TTC who jointly own the copyright in them. © 2015, 3GPP.

37

38

Mobile Communications Systems Development

–– MM functions and procedures such as the GSM location update, handover, GPRS routing area, LTE/EPS tracking area update procedure, and 5G registration area update procedure, and –– GPRS, LTE/EPS SM functions and procedures such as Packet Data Protocol Context Creation and Bearer Allocation. However, the air interface control plane protocol stack and layers also perform different functions and procedures that are specific to a particular communications system, i.e. GSM, GPRS, UMTS, LTE, and 5G systems. For example, the following functions are performed by the UMTS, LTE, and 5G air interface control plane protocol stacks only: –– Header compression, –– Establishments of radio bearers, –– Configurations of lower layers, e.g. PDCP and RLC, by another higher-layer RRC, –– Ensuring the ciphering, integrity, and security protection of the information exchanged between UE and RAN and CN, and –– Provision for a transparent mode (TM) of user data transfer. Using the control plane protocol layers functions and procedures, the RAN or CN controls and commands the behavior of an MS/UE. For more information on the control plane protocol functions and procedures by the individual protocol layer of a logical interface, refer to the 3GPP TSs mentioned in the References section of this book.

3.2.2  User Plane Protocols User plane protocol layers perform the functions required to transmit and receive the user/application traffic between the source and destination network element and vice versa. As an example, Figure 3.8 shows the end-toend LTE system, TS 23.401 [39], user plane protocol layers structure starting from the UE, eNodeB, and S-GW to P-GW. At the UE end, the user plane protocols consist of the application layer, IP layer, PDCP, RLC, MAC, and physical layer. Note that the application and IP layers terminate at the P-GW. The IP layer contains the source and destination IP addresses using which the P-GW receives/route the user application data packets toward the external packet data network. The air interface layers (RLC, MAC, and PDCP) terminate at the eNodeB end.

Application IP

IP Relay

Relay

PDCP

PDCP GTP-U

GTP-U GTP-U UDP/IP UDP/IP

GTP-U

RLC

RLC

UDP/IP

MAC

MAC

L2

L2

L2

L2

L1

L1

L1

L1

L1

L1

LTE-Uu UE

S1-U eNodeB

Serving GW

UDP/IP

S5/S8 a

SGi PDN GW

Figure 3.8  LTE UE – P-GW user plane protocol layers. Source: © 2015. 3GPP ™ TSs and TRs are the property of ARIB, ATIS, CCSA, ETSI, TSDSI, TTA and TTC who jointly own the copyright in them. © 2015, 3GPP.

Protocols, Interfaces, and Architectures

Example 3.5  File Transfer Protocol (FTP) Protocol Consider the File Transfer Protocol (FTP) that is used to upload and download files between two different hosts. FTP uses port number 20 to transfer user data, whereas it uses port number 21 to exchange control commands between the two communicating hosts. Here, one will find that the FTP also uses the so-called user and control plane concept to facilitate the exchange of control and data transfer between two hosts.

Example 3.6  GPRS Tunneling Protocol The GTP has the control as well as the user plane protocols. The tunnel management is taken care of by the so-called GPRS tunneling Control Protocol, whereas the user IP data packets/payload is transported using the GTP-User Plane T-PDU (tunneled PDU) as shown later in Figure 8.1. GTP is used in a couple of interfaces in GPRS, UMTS, LTE/EPS, and 5G CN. For more information on the GTP control and user plane protocol, refer to TS 29.060 [67], 29.274 [70], and TS 29.281 [72]. At the LTE/EPC end, the user plane of the eNodeB, S-GW, and P-GW consists of the GTP-user plane [12] to tunnel user data on top of the UDP/IP transport network. Figure 3.8 also shows the respective user plane logical interfaces, i.e. S1-U and S5/S8, for carrying user data between two network elements of an LTE/EPS network. From Figures 3.7 and 3.8, it is observed that in the LTE system, the radio interface protocol layers – PDCP, RLC, and MAC, are available in both the control plane and the user plane protocol stack. In the user plane protocol stack, the application and IP layers terminate at the CN, P-GW, which transfers user data packets to the external network.  Examples 3.5 and  3.6 describe two typical protocols consisting of control plane and user plane protocol.

3.3  ­Grouping of UMTS, LTE, and 5G Air Interface Protocol Layers In the previous section, we have mentioned about the classifications of protocol layers into the control plane or signaling and user plane. In the case of UMTS, LTE, and 5G systems, their air interface control plane or signaling protocol layers are further grouped into what is called the Access Stratum (AS)) and NAS layer. The word “Stratum” means a grouping of protocols that is related to one service aspect of the various services provided by one or several network elements. The LTE, 5G, and UMTS system air interface protocol layer groupings are illustrated in Figure 3.9.

3.3.1  Access Stratum (AS): UMTS UE – UTRAN; LTE UE – E-UTRAN;5G UE - NG-RAN The AS contains radio air interface signaling protocol layers between UE and UTRAN; UE and E-UTRAN; and UE-5G NG-RAN only. The AS signaling protocol messages terminate at the UMTS UTRAN, LTE E-UTRAN, and 5G NG-RAN end. As the name implies, the AS contains all the protocols using which a UMTS or LTE or 5G UE

Figure 3.9  UMTS, LTE, and 5G air interface protocol layer groups.

UMTS, LTE, 5G Air Interface Protocol Architecture

Access Stratum

Non-Access Stratum

39

40

Mobile Communications Systems Development

Table 3.6  UMTS and LTE access stratum control plane protocol layers. Protocol Category

System

Air Interface Access Stratum Protocol Layers

UMTS/UTRAN AS Layers

LTE/E-UTRAN AS Layers

Physical, MAC, RLC, RRC

Physical, MAC, RLC, PDCP, RRC

UE

eNB

MME

NAS

NAS

RRC

RRC

PDCP

PDCP

RLC

RLC

MAC

MAC

PHY

PHY

Figure 3.10  LTE E-UTRAN: access stratum and non-access stratum protocol stack. Source: © 2015. 3GPP ™ TSs and TRs are the property of ARIB, ATIS, CCSA, ETSI, TSDSI, TTA and TTC who jointly own the copyright in them. © 2015, 3GPP.

communicates with the UMTS UTRAN or LTE E-UTRAN or 5G NG-RAN only to transmit/receive signaling messages over their respective radio air interfaces. The UMTS and LTE AS and its control or signaling plane protocol layers, over the air interface Uu, are shown in Table 3.6. The AS and NAS protocol structures for the LTE system air interface are shown in Figure 3.10, which is reproduced from TS 36.300 [92]. The typical flow of AS signaling messages, i.e. RRC layer, between a UE and the LTE/E-UTRAN is described in Example 3.7 below. Example 3.7  LTE AS Layer: Radio Resource Connection Establishment Procedure Let us consider the radio resource connection establishment procedure initiated by an LTE UE toward its RAN E-UTRAN. To initiate this procedure, a UE makes the radio resource requests and sends the RRCConnectionRequest message to the E-UTRAN, shown in Figure  3.11, which is reproduced from TS 36.331  [94]. The RRCConnectionRequest is an AS RRC layer message that terminates at the E-UTRAN end; refer to TS 36.331 [94]. This figure shows the RRC layer message names without showing the contents of each message. UE

EUTRAN

RRCConnectionRequest

RRCConnectionSetup RRCConnectionSetupComplete

Figure 3.11  LTE access stratum RRC connection establishment procedure. Source: © 2018. 3GPP ™ TSs and TRs are the property of ARIB, ATIS, CCSA, ETSI, TSDSI, TTA and TTC who jointly own the copyright in them. © 2018, 3GPP.

Protocols, Interfaces, and Architectures

3.3.2  Non-Access Stratum: UMTS UE – CN, LTE UE – EPC; 5G UE-Core The NAS contains all the mobility, connection, and SM-related signaling protocols and procedures that terminate at the CN end. Using NAS signaling protocols, a UMTS UE or LTE or 5G UE communicates with the UMTS or LTE or 5G CN. Note that NAS uses the services of the AS protocols. In this case, the UMTS UTRAN or the LTE E-UTRAN or 5G NG-RAN simply forwards those transparent NAS-related signaling messages to their respective CN. Figure 3.10 in the previous section shows the protocols that are grouped into AS and NAS types in the case of the LTE system only where the NAS layer terminates at the LTE/EPC MME. NAS signaling protocols are typically used for the following services: ●● ●● ●●

●●

CS CN procedures, such as MM and connection management (CM). GPRS PS core network procedures, such as mobility, SM bearer management, and security management. LTE/EPS core network procedures, such as the mobility, connection, and SM, bearer management, security management, EPS ciphering, and integrity protection function. 5G core network procedures, such as the mobility, connection, and PDU SM, security management, ciphering, and integrity protection function.

Table 3.7 shows the various NAS protocol messages exchanged between MS/UE and its concerned core network in GSM/GPRS/UMTS and LTE/EPS networks. Example 3.8 below illustrates the typical messages flows associated with a MM layer (NAS) ATTACH procedure in the case of the LTE/EPS network. Table 3.7  NAS protocol messages from GSM to LTE system. System

Type of Call

CM Message

SM Message

MM Message

GSM/ UMTS

CS

Call Estb., Call Setup

–

Location Area Update

GPRS/ UMTS

PS

Call Establishments, Call Setup

Primary and Secondary PDP Context Managements

Routing Area Update, Network Attach, Detach

LTE/EPS

PS

[Fall-back] Call Establishments, Call Setup

Default and Dedicated Bearer Managements

Tracking Area Update, Network Attach, Detach

Example 3.8  LTE/EPS NAS Layer: EPS Mobility Management Layer Procedure Let us consider the LTE UE ATTACH procedure shown in Figure 3.12 below, which is found in an LTE/EPS network. The ATTACH procedure and its messages are part of the EMM NAS protocol which is used by a UE to register with the LTE/EPS CN; see TS 24.301 [46]. This figure illustrates a successful ATTACH procedure and shows only the EMM message names without showing the contents of each message. Figure 3.12  Illustration: LTE/EPS ATTACH procedure: NAS protocol messages.

UE

eNodeB

ATTACH REQUEST ATTACH ACCEPT ATTACH COMPLETE

MME

41

42

Mobile Communications Systems Development

Example 3.9  5G NAS Layer: 5G Session Management Layer Procedure Let us consider the establishment of a PDU session, shown in Figure 3.13 below, a procedure that is initiated from a UE to the 5G core Session Management Function (SMF) network function. A PDU session is activated and is assigned to a particular network slice of a UE as part of its initial 5G UE registration procedure with a 5G CN. The establishment of a PDU session is part of the 5G Session Management (5GSM) NAS protocol. Figure 3.13 shows only the 5GSM message names without showing the contents of each message.

UE

NG-RAN/gNB

SMF

PDU SESSION ESTABLISHMENT REQUEST

PDU SESSION ESTABLISHMENT ACCEPT

Figure 3.13  Illustration: NAS layer messages for a 5G PDU session establishment procedure.

In GPRS and UMTS networks also, an MS/UE registers with its CN using the ATTACH procedure for PS services. However, as far as the implementations are concerned, there are differences in the GPRS/UMTS and LTE/ EPS ATTACH procedure. For example, unlike the GPRS system, an LTE/EPS ATTACH request message also contains a piggybacked session activation request to the CN. Example 3.9 illustrates the typical messages flows associated with an SM layer (NAS) PDU session establishment procedure in the case of the 5G system.

3.4  ­Initialization of a Logical Interface In the previous sections, several logical interfaces between the concerned network elements of mobile communications networks were described and illustrated. Different functions and procedures are performed over the respective logical interfaces. Some logical interfaces do not become ready for exchanges of information between the concerned network elements. Also, following the occurrence of an erroneous event, a logical interface may become unusable. In such scenarios, a logical interface between two network elements requires to be initialized and configured or reinitialized/reconfigured, with protocol layer-specific data, to make it ready for exchanges of information over it. The procedure for initialization and configuration with protocol layer-specific data differs from one logical interface to another one. Example 3.10 illustrates the typical messages flows for initialization of the S1 logical interface, which is used between the LTE/eNodeB and its MME. Similarly, the Gb-interface which is used in the GPRS system is also required to be initialized. The NS protocol layer of the Gb-interface in the BSC/PCU end initializes and sends the configuration data to the peer layer on the SGSN side of the Gb-interface.

Protocols, Interfaces, and Architectures

Example 3.10  LTE/EPS S1-AP (eNodeB-MME) Logical Interface Initialization In the LTE/EPS, the S1 interface is used to exchange control or signaling-related messages, between the eNodeB and the MME, which is also known as the S1-AP (Application Protocol). To make the S1 interface operational for exchanges of information and other S1-AP messages, the S1 interface is required to be setup first. For this purpose, the eNodeB sends the S1 Setup Request message, containing the eNodeB identity, Public Land Mobile Network (PLMN) identity, to the MME. The MME sends the S1 Setup Response message to the eNodeB. This is shown in Figure 3.14, which is reproduced from TS 36.413 [97]. Other examples where initialization of a logical interface is required is the 5G NG interface which is used between 5G NG-RAN and AMF network function. Figure 3.14  Initialization of LTE/EPS S1 interface. Source: © 2014. 3GPP ™ TSs and TRs are the property of ARIB, ATIS, CCSA, ETSI, TSDSI, TTA and TTC who jointly own the copyright in them. © 2014, 3GPP.

eNB

MME

S1 SETUP REQUEST

S1 SETUP RESPONSE

3.5  ­Protocol Layer Termination The extent and working of a particular protocol layer can be further understood from the protocol layer termination point of view. The general working model of a protocol layer consists of functions and procedures that it requires to perform to facilitate the various services to be offered to the higher layer, as described later in Section 3.8. Protocol layer termination refers to the making available of the various services by the concerned protocol layer to its adjacent layers at the same time facilitating a peer-to-peer communication between two network elements over a logical interface. To understand a protocol layer termination, start from the UE/MS end and proceed toward the radio access or CN. A protocol layer terminates at the destination or peer network element or domain. Find and look at the corresponding network element containing the terminated protocol layer. Next, look at its position, e.g. Layer #2, Layer #3, and so on, within the protocol layers’ organization supported by the concerned network element. The protocol stack and its particular layer termination also identify the network elements that exchange various messages using the concerned layer protocol specification. For example, as mentioned in Section 3.3, the AS protocols terminate at the UMTS UTRAN or LTE E-UTRAN or 5G NG-RAN, whereas the NAS protocols terminate at the respective CN end. For more examples of protocol layer terminations, refer to TS 25.301 [49].

3.6  ­Protocol Sublayers Recall the protocol layering principles of the OSI 7 protocol reference model, having a single protocol at each of the individual Layers #1–7. In the case of a mobile communications system protocol architecture, a particular protocol layer may contain sublayers also, performing its functions and procedures. For example, consider the air

43

44

Mobile Communications Systems Development

Interface Layer 3 protocol stack. The GSM Layer #3, i.e. the network layer in terms of the OSI reference model, has three sublayers, as mentioned below: ●● ●● ●●

CM MM Radio Resources Control and Management (RR)

Similarly, the UMTS and LTE system air interface protocol stack, Layer #2, i.e. the data link layer in terms of the OSI reference model, has three sublayers, as mentioned below: ●● ●● ●●

Packet Data Convergence Protocol (PDCP) RLC MAC

In the case of the GPRS/Enhanced Data for Global Evolution (EDGE) system protocol stack also, Layer #2, i.e. the data link layer in terms of OSI reference model, has three sublayers, as mentioned below: ●● ●● ●●

Logical Link Control (LLC) RLC MAC

The different protocol sublayers mentioned above are illustrated in Figure 3.15. Note that in the case of UMTS and LTE systems, sublayers of a protocol layer may spread across the AS as well as NAS groups of protocols. For example, consider the UMTS and LTE air interface Layer 3 protocol and its sublayers. Here, the RRC is the Layer 3 protocol that terminates at the UTRAN or E-UTRAN, but it is placed as part of the AS group of protocols. On the other hand, the sublayers of LTE/EPS or GPRS SM, MM, and CM are part of the NAS group of protocols that terminates at the CN, i.e. GPRS SGSN or LTE/EPC MME. Further, as illustrated, the 5G New Radio (NR) Layer 2 contains a new sublayer called the Service Data Adaptation Protocol (SDAP).

3.7  ­Protocol Conversion A particular protocol layer communicates and exchanges information in its defined format only between two network elements. A network element could be the mobile station, BTS, BSC, MSC, SGSN, eNodeB, MME, S-GW, 5G core UPF, and so on. The communications between the protocol layers of two network elements may be direct and point to point, or it may be routed through another network element that may work on different protocol Protocol Sub Layer SDAP CM

LLC

PDCP

PDCP

MM

RLC

RLC

RLC

RR

MAC

MAC

MAC

GSM Layer 3

GPRS Layer 2

UMTS /LTE Layer 2

5G NR Layer 2

Figure 3.15  Illustration: air interface sublayers: GSM, GPRS, UMTS, LTE, and 5G.

Protocols, Interfaces, and Architectures Core Network Protocols e.g. CM, MM, GMM, SM, EMM, ESM,5GMM, SM

UE Radio Air Interface Radio Protocols Protocols such as RLC, MAC

UE

E.g. IP, E1 based interface

RAN

Radio Protocols

Core Network Protocols

Radio Access Network

CN Core Network Protocols

Core Network

Figure 3.16  Illustration: protocol information conversions in a cellular system.

stacks. If the communication is not through a direct path, then the original message sent by the sender needs to be forwarded by an intermediate network element to the destination network element using protocol conversion. This is illustrated, in general, in Figure 3.16. In Figure 3.16, consider that a user wants to access the Internet (e.g. www, FTP, ping, and so on) through the GPRS or LTE/EPS network. The UE will send the user’s request to the RAN using RLC/MAC protocol across the air interface. The RAN will collect the RLC/MAC layer block, in the case of GPRS, or RLC layer PDU, in the case of LTE. The RAN will format the RLC/MAC layer information into an appropriate protocol layer format of the concerned CN logical interface, for example, GPRS Gb interface Frame Relay format for SGSN, or LTE/EPS S1-U format, and forward it to the SGSN or S-GW. As an analogy with a traditional IP network/Internet, in a mobile communication network also, the user data or signaling data packets pass through different protocol layers and intermediate devices between a source and destination.

3.8  ­Working Model of a 3GPP Protocol Layer: Services and Functions A mobile communications network consists of several protocol stacks and layers designed to exchange information between the adjacent layers or between two peer network elements either directly or transparently through another network element. The general working model of a protocol layer consists of various services it offers to its higher layer or services it expects from the layer below it. The protocol layer working model also consists of collections of signaling procedures and functions. These functions are the building blocks of a particular protocol layer to transfer information accurately and error-free as expected by the peer layer. This working model of a protocol layer is illustrated graphically in Figure 3.17 where a protocol layer N provides services to the layer N + 1 and also uses the services from the layer N − 1. Example 3.11 describes the LTE/E-UTRAN RLC layer with respect to its working principle.

Layer N+1

Services

……….. Layer N

………..

Protocol Layer Functional Blocks Services

Layer N-1

Figure 3.17  Illustration: A working model of protocol layer.

45

46

Mobile Communications Systems Development

Example 3.11  Functions of LTE Air Interface RLC Layer Consider the LTE air interface Layer 2 RLC protocol layer operating between the UE and the E-UTRAN. The RLC layer provides services for transferring higher-layer information in acknowledged (AM), unacknowledged (UM), or TM. To ensure an error-free transmission and availability of the transmitted information accurately at the destination RLC protocol layer, the transmitting RLC layer performs several important functions such as segmentation, resegmentation, retransmissions, ciphering, padding, and so on. On the other hand, the receiving RLC layer also performs functions such as reassembly and duplicate detection on the received information before it is passed to the next higher layer.

3.9  ­General Protocol Model Between RAN and CN (UMTS, LTE, 5G) In Section 3.2, we have discussed the separation of protocol layers of various logical interfaces into a control plane and user plane categories which are applicable, in general, in all the mobile communications systems, i.e. GSM, GPRS, UMTS, LTE and 5G. In Section 3.3, we have also discussed the grouping of UMTS, LTE, and 5G systems only protocol layers into AS and NAS categories from the protocol layer termination at UMTS UTRAN, LTE E-UTRAN, 5G NG-RAN, and CN point of view. The grouping of protocol layers into the AS and NAS layers in the UMTS, LTE, and 5G systems is done from their respective air interface point of view, where the air interface is the physical interface. On the other hand, the UMTS UTRAN, LTE E-UTRAN, and 5G NG-RAN communicate with their CN elements and another network element of a UTRAN, E-UTRAN, and 5G NG-RAN using the standard data transport network, e.g. ATM, IP, which is the standard protocol. It may be noted that the protocol stack and its logical interface between UMTS UTRAN and its CN; LTE E-UTRAN and its CN; and 5G NG-RAN and its CN are logically independent of the underlying data transport network used by them. Based on this, the protocol stack of a logical interface, i.e. Iu interface between UMTS UTRAN – CN; S1, X2 interface between E-UTRAN and MME or E-UTRAN; NG interface between 5G NG-RAN and 5G core, is further modeled with the following horizontal-layered structures: ●● ●●

Radio Network Layer (RNL) Transport Network Layer (TNL)

The above protocol model of the UMTS UTRAN, LTE E-UTRAN, and 5G NG-RAN is illustrated in Figure 3.18. For more information on these layered structures, refer to UMTS TS 25.401  [51], LTE TS 36.401  [95], 5G TS 38.401 [117], and TS 38.410 [118]. UTRAN or E-UTRAN or NG-RAN Logical Interface

Radio Network Layer

Transport Network Layer

Control Plane Application Protocol

User Plane User Protocol

…………….

Physical Layer

…………….

Figure 3.18  Illustration: general protocol layer model of UTRAN, E-UTRAN, and 5G NG-RAN.

Protocols, Interfaces, and Architectures

Figure 3.19  Illustration: general protocol layer model of UTRAN and E-UTRAN.

User Plane Iu User Plane Control Plane S1-AP

SCTP IP

Radio Network Layer

Transport Network Layer

Data Link Physical Layer (a) LTE/EPS: S1-AP Control Plane

GTP-U

GTP-U

UDP

UDP

IP AAL5 ATM

IP Data Link

Physical Layer (b) UMTS: Iu-PS User Plane

The RNL deals with the UTRAN or E-UTRAN or 5G NG-RAN-specific related various functions and procedures, for example, radio bearer management, paging, and so on, in terms of an AP. The data TNL deals with the particular transport method, e.g. ATM, IP, and so on, and possibly through the intermediate network also, to be used to transport RNL procedures messages. RNL and TNL layers are logically independent of each other, which makes it possible to make UMTS UTRAN or LTE E-UTRAN or 5G NG-RAN protocol-related changes in the RNL without affecting the TNL. As shown in Figure 3.18, the protocol layers of the logical interfaces between the UMTS UTRAN or LTE E-UTRAN or 5G NG-RAN and their respective CN or other network element are still separated as the control plane and user plane, but they share the same physical layer. Figure 3.19 shows a side-by-side RNL and TNL of the LTE/EPS S1-AP control plane between LTE eNodeB and MME, and UMTS Iu-PS user plane protocols between RNC and SGSN.

3.10  ­Multiple Transport Networks, Protocols, and Physical Layer Interfaces From the illustration shown in Figures 3.5 and 3.19, it has been observed that each of the concerned protocol stacks between the GSM BSS and its CN or the UMTS RNC and its CN has the following characteristics, i.e. multiple transport and data link networks, as described in Examples 3.12 to 3.13. ●●

Provisions for multiple Data Link layers

Example 3.12/Figure 3.20 illustrates the data link layers used for the UMTS Iu-interface. The Iu-interface transport network options are used to exchange the control plane and user place messages of both the Iu-CS and Iu-PS interfaces. ●●

Provisions for Separate Transport Protocol in an IP Transport Network

In the case of UMTS, LTE, or 5G system, if the IP transport network option is used, the IP network transport protocol layers used are listed in Table 3.8. SCTP [17] transport network is also used for different logical interfaces in the 5G system.

47

48

Mobile Communications Systems Development

Example 3.12  Multiple Transport Networks for UMTS Iu Interface The UMTS Iu-interface is divided into two parts: Iu-CS, to support the CS domain, and Iu-PS, to support the PS domain. The Iu-interface may use the ATM or IP-based transport network as the data link layer protocol, as illustrated in Figure 3.20. For more information, refer to TS 25.412 [53]. Figure 3.20  Iu interface transport network: data link layers.

UMTS Iu Interface Transport Network

IP Data Link Layer

ATM Data Link Layer

Table 3.8  Protocol layer in UMTS (Iu), LTE system (S1), and 5G NG over IP. IP Transport Layer

Purpose

System/Interface

UDP

To transport Iu or S1 or NG user plane information over IP

UMTS (Iu), LTE (S1), 5G (NG)

SCTP [17]

To transport Iu or S1 or NG control plane information over IP

●●

Provisions for Multiple Physical Layer Interfaces

Depending on the data link layer being used, the GSM BSS, UMTS RNC, and the core network element transport network may provide provisions for configuring multiple physical layer interfaces. This ensures a backup, in case one physical interface fails the other physical interface can be brought into service to continue communications services. The upper layers of a protocol stack are independent of the type of underlying data link layer and its physical interface being used to transport higher-layer data. Example 3.13  GPRS Gb-Interface Multiple Physical Layer Interfaces Consider Figure 3.5 illustrated earlier. As shown in that figure, the GSM BSC and the SGSN can exchange the Gb-interface protocol stack messages using either the Frame Relay network protocol or IP network. The SubNetwork control protocol takes care of the data link layer protocol (Frame Relay or IP) to be used by the Gb-interface. The higher-layer applications are independent of the sub-Network control protocol. In case the Frame Relay protocol and its physical E1 interface go down, the IP Transport/Ethernet interface can be brought into services immediately so that the Gb-interface is not affected and GPRS services are not down permanently. Similarly, between the UMTS UTRAN and its CN, the Iu-interface can be configured to use either the ATM over STM or IP transport network physical layer; refer to TS 25.412 [53].

●●

Reason for Multiple Data Link Layer Provisions Typical reasons to support multiple data links by a network element are as follows: –– Make the higher layer(s), e.g. RNL, independent of the TNL being used for the introduction of a new transport network without affecting the application or RNL; –– Create a backup transport network; and –– System and application requirements, e.g. use ATM to transport multimedia contents, whereas frame relay can transport data only.

Protocols, Interfaces, and Architectures

3.11  ­How to Identify and Understand Protocol Architectures 3GPP defines a larger number of protocol logical interfaces, starting with the alphabet “A”, stacks, and layers which are central to the interworking of a network element with another network element of mobile communications systems and networks. In this chapter, we have covered only the following logical interfaces of mobile communications networks: ●● ●●

Air interfaces, i.e. Uu, Um, between UE/MS and RAN of GSM, UMTS, LTE, and 5G systems. Network interfaces (A, Gb, S1, Iu, X2, Gn, NG, and so on) between the GSM, UMTS, LTE, and 5G RANs and their respective CNs.

In fact, the majority of the logical interfaces are found only in the CNs domain along with the other CN elements such as the Home Location Register/Home Subscriber Server (HLR/HSS), Visitor Location Register (VLR), and Policy Charging and Restriction Function (PCRF). Other logical interfaces are also available that can be configured to support interworking and interoperations, e.g. CS fallback, Single Radio Voice Call Continuity, and so on, between two mobile communications networks. Some of these interoperation facilities may be configured as an optional and separately licensed feature. A developer must put the focus on a particular network element and its logical interfaces at a time. The air interface and its protocol stack is the most interesting one that consists of advanced wireless communications theories. The air interface differentiates one system from its predecessor. As a starting point, the reader is advised to go through and familiarize themselves with the list of 3GPP TSs mentioned in the Reference section of this book. There are 3GPP TSs describing the protocol layers of the respective air interface of the GSM, GPRS, UMTS, LTE, and 5G systems. The reader may, then, proceed gradually toward the other logical interfaces and their protocol stack.

3.11.1  Identifying a Logical Interface, Protocol Stack, and Its Layers To identify and understand a particular protocol stack architecture, its layers, and their corresponding 3GPP technical specifications, the following steps may be taken: ●●

●●

●●

Choose a particular mobile communications system such as the GSM, GPRS, and UMTS, LTE, or 5G as your area of interest. Use the information available in the 3GPP site [2] (second, third, fourth column) as mentioned in Section 2.5.6. Next, decide the particular network element of interest such as GSM MS, BTS, BSC, and MSC; UMTS NodeB, and RNC; or LTE eNodeB, MME, and S-GW or 5G gNB and 5G core. Now, look at the logical interfaces supported by the chosen network element. Pick a particular logical interface and look at its protocol stack and layers. A logical interface and its protocol stack cover different subjects and specifications area. Look at the subject and specifications areas mentioned in the 3GPP site [2], first column, and pick a particular subject area. Against this chosen subject area, e.g. signaling, requirements, and so on, or a particular protocol layer, attempt to identify the corresponding technical specifications series and its specifications from the column 2, 3, or 4, 3GPP site [2].

Study the protocol layer architecture, its functions and procedures, and other details from the identified technical specification. Example 3.14 describes the typical steps to be used to derive the 3GPP technical specification of a protocol layer and its sub-layer. Figure 3.21 shows the protocol stack of the A-interface on the CN side.

49

50

Mobile Communications Systems Development

Example 3.14  GSM Circuit-Switched BSS and Air Interface Layer 3 Technical Specifications Suppose a developer is interested to study the GSM BSS that consists of BTSs and BSC network elements. Further, suppose that developer is interested in the air interface Layer 3 protocol, between an MS and the BSC, of a GSM system. Figure 3.21 below shows the GSM air interface Layer 3 protocols along with its sublayer protocol, as follows: ●● ●● ●●

Call Control Management (CM), MM, and Radio Resource Management (RR). Air Interface Um

A-Interface

Layer 3 CM (TS 24.008)

CC (TS 24.008)

MM (TS 24.008)

MM (TS 24.008)

RR (TS 44.018)

RR (TS 44.018)

DTAP, BSSMAP TS 48.008

DTAP, BSSMAP

SCCP

SCCP

LAPDm (L2)

LAPDm (L2)

MTP (L2)

MTP(L2)

GSM RF (L1)

GSM RF (L1)

Physical L1

Physical L1

MS

Base Station Sub-System

MSC

Figure 3.21  Illustration: GSM air interface Layer 3 protocol stack.

1) As shown in Figure 3.21, the GSM air interface Layer 3 consists of the CM, MM, and RR layers. The developer may be further interested in the Radio Resource Management, (RR) sublayer of the GSM Layer 3 protocol stack. The RR layer of a BSC deals with the signaling functions/messages of the GSM Layer 3 protocol stack. Now refer to the 3GPP site [2]. 2) For the GSM signaling protocols/messages that are exchanged between an MS and the BSC and vice versa, the corresponding 3GPP TS series number will be either 44 Series (After Release 4, including, GSM) or 4 Series (Before Release 4 GSM). Assume that you have considered the 3GPP TS Series 44. Within this series, one will find all the technical specifications, listed in ascending order, related to signaling messages between MS and the BSC. Now, look for the technical specification having the title Radio Resource Management protocol. You got the desired TS. In this case, it is the 3GPP TS 44.018 [130]. For Series 4, the corresponding TS will be the 3GPP TS 04.18. Similarly, try to find the technical specification number for the GSM CM and MM sublayer, which is TS 24.008[45]. 3GPP TS 24.008 [45] covers the entire mobile radio air interface Layer 3 specification for GSM/GPRS Edge Radio Access Network (GERAN), UMTS system. By following the same way as described above, one can

Protocols, Interfaces, and Architectures

find the corresponding technical specification number for the RRC protocol in the case of UMTS or LTE or 5G system. The technical specification series number for the LTE system is 36; for UMTS, it is 25 series; for 5G, it is 38 series. In Figure 3.21, the GSM BSC and its BTSs are being shown as the combined BSS. However, a BTS and BSC of a BSS are connected by the logical A-bis interface that is not shown in Figure 3.21. A-bis interface is proprietary with its protocol stack. On the CN side, a BSC and the MSC are connected by the logical A-interface which is an open standard defined by 3GPP. Look at the protocol stack of the A-interface. At the top of the stack are the Base Station Subsystem Mobile Application Part (BSSMAP), Direct Transfer Application Part (DTAP), and Signaling Connection Control Part (SCCP) layer, which is the Layer 3 protocol. The BSSMAP and DTAP protocols are defined in the 3GP TS 48.008 [134]. The Layer 2 is the Message Transfer Part (MTP). The physical layer used for both the A-bis and A-interface is the E1 interface, as described earlier in Section 3.1.1. The SCCP, MTP is part of the standard Signaling System #7 (SS#7). For more information on the SCCP and MTP layers, refer to TS 48.006 [133].

3.11.2  Identification of Technical Requirements Using Interface Name A 3GPP technical specification defines its scope and describes the protocols, functions, and procedures that may be applied to more than one mobile communications systems, from GSM to the 5G system. From the descriptions available in a given 3GPP TS, it is important to identify such requirements that are specific to a particular mobile communications system, i.e. GSM, GPRS, UMTS, LTE, and 5G. A 3GPP TS mentions the corresponding CN logical interface name while describing the detailed requirements of functions and procedures. Generally, a 3GPP technical specification mentions the applicability of a specific requirement/ section being described using the term: A/Gb mode to refer to GSM/GPRS system; Iu mode to refer to UMTS system; S1 mode to refer to LTE/EPS system; and N1 mode to refer to 5G system. A logical interface name also identifies a particular mobile communications system that is being referred to and the requirements that belong to it.

3.12  ­Protocol Layer Procedures over CN Interfaces In the preceding sections, we have discussed the CN interfaces of GSM, GPRS, UMTS, LTE/EPS, and 5G networks. The logical interfaces between the respective RAN and its CN element are as follows: ●● ●● ●● ●●

S1, between LTE eNodeB and MME; NG between 5G NR NG-RAN and AMF Iu, between UMTS/UTRAN RNC and MSC; RNC and SGSN A, between GSM BSC and MSC Gb, between GSM BSC and SGSN

Over a particular logical interface, as mentioned above, the following types of signaling messages are exchanged in the forms of an AP between the RAN and CN for the execution of ●● ●●

Interface-specific protocol functions and procedures Session Management, Call Management, and MM air interface Layer 3 or NAS layer messages between a UE/ MS and the CN, transparently through the RAN.

The AP functions and signaling procedures executed over the respective logical interfaces are specific to a particular mobile communications system and network. There are also protocol and signaling procedures that are similar in nature, but they are implementations dependent on a particular communications system.

51

52

Mobile Communications Systems Development

3.12.1  Similar Functions and Procedures over the CN Interfaces Several similar protocol functions and procedures are performed over the LTE/EPS S1-interface, UMTS Iu-interface, GSM A-interface, GPRS Gb-interfaces, and 5G NG interface. Some of them are mentioned below. However, these high-level functions and procedures are implementation-dependent in terms of different signaling messages names and their contents but are similar in nature with respect to their applicability from GSM to the 5G system. ●●

Between the MS/UE and the CN –– The CS or PS domain Session Management, Call Management, and MM layer signaling messages that are exchanged between an MS/UE and the CN are not processed by the GSM or UMTS or LTE or 5G RAN, but they are forwarded to the CN. Forwarding of such signaling messages by the RAN to the CN is done through the direct transfer of messages. In the GSM system, it is known as the DTAP as shown earlier in Figure 3.21; in the UMTS system, it is known as the DIRECT TRANSFER; in the LTE and 5G systems, it is known as the NAS transport.

A Session Management, Call Management, and MM-related message that is exchanged between an MS/UE and the CN is embedded in a DTAP (GSM) or DIRECT TRANSFER (UMTS) or NAS TRANSPORT (LTE/EPS) message. A GSM DTAP or UMTS DIRECT TRANSFER or an LTE/EPS or 5G NAS TRANSPORT message is exchanged between the radio access and its CN only. However, the initial Layer 3, i.e. CC, MM related, message from a ME/ UE toward the CN is exchanged through the GSM INITIAL MS message in UMTS and the INITIAL UE message in the LTE/EPS and 5G systems. Example 3.15 below illustrates the typical messages flow between an LTE/eNodeB and its MME through NAS transport messages in uplink and downlink direction. Such NAS transport messages between an LTE/eNodeB and its MME are used to forward signaling messages exchanged between a UE and LTE/MME and vice-versa.

Example 3.15    LTE/EPS: PS Domain NAS Transport Messages Figure 3.12 shown earlier illustrates the LTE/EPS MM procedures and their signaling messages. This figure shows snapshots of a few end-to-end signaling messages for a PS domain LTE/EPS ATTACH procedure. In fact, between the eNodeB and the MME, the individual NAS signaling messages of a particular LTE/EPS NAS procedure will be exchanged using the uplink or downlink NAS TRANSPORT message as illustrated in Figure 3.22 below. UE

eNodeB

MME

…………………… InitialUEMessage [,ATTACH REQUEST,,,,] DownlinkNASTransport [,,Authentication Request] Authentication Request Authentication Response UplinkNASTransport [,, Authentication Response]

……………………………………………….. InitialContextSetup [,ATTACH ACCEPT...]

…………………… UplinkNASTransport [,,ATTACH COMPLETE..]

Figure 3.22  Illustration: LTE/EPS NAS transport between eNodeB and MME over S1 interface.

Protocols, Interfaces, and Architectures

As illustrated in Figure 3.22, the LTE air interface initial NAS layer messages, e.g. ATTACH REQUEST, TAU, received from a UE is sent through the InitiaUEMessage from the eNodeB to the MME. The subsequent NAS messages between eNodeB and the MME are exchanged using the DownlinkNASTransport and UplinkNASTransport messages. The MME sends the ATTACH ACCEPT message to the eNodeB through the InitialContextSetup message. For more information on the NAS TRANSPORT messages and their contents, refer to TS 36.413 [97]. ●●

Between the RAN and the CN

Several similar procedures are performed between the RAN and its CN only over their respective logical interfaces, e.g. LTE/EPS S1 and X2; 5G NG; UMTS-IuPS; and IuCS. Typical similar procedures are mentioned below: –– Handover procedure performed in case of the GSM and LTE system; relocation procedure performed in case of UMTS system. A handover or relocation procedure is executed to transfer an ongoing call from one cell to another suitable cell. –– Interface management – to setup, initialize, and release the respective interfaces, i.e. A, Gb, Iu, S1, and 5G system NG interface. –– Security and encryption. –– Paging – to notify an incoming call for an MS/UE. –– UE tracking – to track a particular UE/MS. –– Overload control from CN – which indicates the RAN to reduce the signaling load toward the CN. Several functions are performed by a network element to complete a particular protocol layer procedure as highlighted above, which are described later in different chapters. For more information on the above functions and procedures, refer to TS 25.413 [54], TS 36.413 [97], TS 38.413 [119], and TS 48.008 [134].

3.12.2  Specific Functions and Procedures over the CN Interfaces Some functions and procedures performed over a CN logical interface are specific to a GSM, UMTS, LTE, or 5G system. Typical examples of such GSM, UMTS, and LTE system-specific functions over their specific logical interface are mentioned below: ●●

●●

●●

●●

BSSMAP [between GSM BSC – MSC] –– Speech transcoding from 64 kbps, at MSC end, to 16 kbps, at BSC end RANAP [between UMTS/UTRAN RNC – MSC] –– UMTS Radio Access Bearer management, i.e. establish, modify, release, create, and allocate radio access bearer to the UE –– Transport and RNL link management functions S1-AP [between LTE/E-UTRAN eNodeB – MME] –– LTE/EPS Radio Access Bearer management, i.e. setup, modify, release, to create and allocate radio access bearer to the UE –– Transport and RNL link management functions NG-AP [between 5G NG-RAN – AMF] –– 5G PDU Session Management, i.e. setup, modify, and release, a PDU session to a UE, MM, UE context management, and so on –– Transport and RNL link management functions.

For more information on the specific functions and procedures, refer to TS 25.413  [54], TS 36.413  [97], TS 48.008 [134], and TS 38.413 [119].

53

54

Mobile Communications Systems Development

­Chapter Summary This chapter has introduced the core aspects of the understanding, design, and development of logical interfaces, their protocol stack, and its layers of mobile communications systems and networks. Logical interfaces are used to communicate among network elements of a mobile communications network. Logical interfaces are also used for the interworking and interoperations of mobile communications systems and networks, which shall be described later in Chapter 6. Different terminologies are used to describe a logical interface, its protocol stack, and layers. Protocol layers are classified into user plane and control or signaling plane distinctly based on the nature of the information that is transmitted over a particular logical interface. Within the control plane only, protocol layers are also grouped into the AS and NAS categories, especially in the UMTS, LTE, and 5G networks and systems. We presented the protocol layer termination and sublayering of a particular protocol layer found in mobile communications systems and networks. We also presented the general working model of a protocol layer that is used to communicate with its peer layer and provide services to an upper layer. Apart from this, we presented the general protocol model and layers of the UMTS UTRAN, LTE E-UTRAN, and 5G NG-RAN and their respective CNs. A 3GPP technical specification may cover the description of GSM, GPRS, UMTS, LTE, and 5G system protocol functions and procedures. A method to identify the functions and procedures description that applies to a particular communications system was presented. Finally, the reader is recommended to focus on a particular logical interface, protocol stack at a time, and its specifications as mentioned in the references section and then, proceed gradually toward other logical interfaces and their protocol stack.

55

4 Encoding and Decoding of Messages ­Introduction This chapter covers the methods for encoding and decoding of control plane or signaling messages and protocol data units (PDUs) that are exchanged between the peer protocols layers of network elements of mobile communications networks, from the Global System for Mobile Communication (GSM) to the 5G system. The method of a description of signaling messages and their encoding and decoding is part of a protocol layer specification, which differs from one logical interface to another one. Messages are exchanged between the network elements of a mobile communications network to facilitate various communication services to users. A source network element creates a protocol layer message in a predefined format using a particular encoding/packing method and sends it to the peer network element over the concerned logical interface. The peer network element decodes or unpacks a message using the same method that was used to encode it. We begin with the description of encoding and decoding methods of air interface Layer 3 signaling messages, followed by the Layer 2 signaling messages exchanged between a Mobile station (MS)/User Equipment (UE) and the network. We also cover the encoding method used by the Radio Access Network (RAN) and core network (CN) elements. We close this chapter with the method of embedding a control plane message within another control plane message to reduce signaling overhead between two network elements, especially over the air interface.

4.1  ­Description and Encoding/Decoding of Air Interface Messages One important aspect of a mobile communications network is the “signaling message” that is exchanged between its network elements. A signaling message is nothing but an exchange of a series of information between the network ­elements to establish, maintain, and release of resources allocated for communication services being provided to the service users. Information in a particular signaling message being transmitted is encoded (packed) and decoded (unpacked) differently across the mobile communications systems, i.e. from the GSM to 5G. Depending on the protocol stack and its layers supported by a network element, it may use different methods of encoding and decoding of signaling messages at each protocol layer. Also, a network element may decode the contents of a message that it receives or may not decode but transparently forward to the destination network element using another encoding method. A protocol layer of a network element may send a signaling message to its peer layer like a long series of ordered bits where an octet alignment may or may not be required. Another protocol layer of the same network element may send a signaling message as a series of octets with octet alignments. To sum up, as far as the development of a protocol layer is concerned, two aspects of signaling messages defined in its technical specifications are required to be considered: Mobile Communications Systems Development: A Practical Introduction to System Understanding, Implementation, and Deployment, First Edition. Rajib Taid. © 2021 John Wiley & Sons Ltd. Published 2021 by John Wiley & Sons Ltd.

56

Mobile Communications Systems Development ●● ●●

The method used to describe a signaling message The method used for encoding and decoding of a signaling message to transfer/receive among network elements.

It may be noted that the method of description, i.e. tabular format, and encoding/decoding of signaling messages differs from layer to layer. In the subsequent sections that follow, the following methods of descriptions, encoding, and decoding of mobile communications networks signaling messages over their respective air interfaces are discussed. a) Encoding and Decoding of Air Interface Layer 3 Messages This method is used by the GSM air interface Radio Resource (RR) sublayer of Layer 3 protocol between an MS and the base station controller (BSC). This method is also used by the Call Control (CC) and Mobility Management (MM) sublayers of GSM; GPRS Mobility Management (GMM), Session Management (SM) ­layers of Universal Mobile Telecommunication System (UMTS); Evolved Packet System Session Management (ESM) and Evolved Packet System Mobility Management (EMM) layers of Long-Term Evolution (LTE)/ Evolved Packet System (EPS) system; and 5GMM and 5GSM layers of 5G system. These protocol layers work between an MS/UE and the CN. b) Concrete Syntax Notation.1 (CSN.1) Encoding/Decoding This method is used by the General Packet Radio Service (GPRS) air interface Layer 2 radio link control (RLC)/ Medium Access Control (MAC) protocol between the MS and BSC. c) Abstract Syntax Notation.1 (ASN.1) Encoding/Decoding Using Packed Encoding Rule (PER) This method is used by the following protocol layers over their respective logical interfaces: –– UMTS Radio Resource Control (RRC) air interface Layer 3 between the UE and UMTS Terrestrial Radio Access Network (UTRAN)/Radio Network Controller (RNC), –– LTE RRC air interface Layer 3 between the UE and Evolved-UMTS Terrestrial Radio Access Network (E-UTRAN)/eNodeB, and –– 5G New Radio (NR) RRC air interface Layer 3 between the UE and Next Generation Radio Access Network (NG-RAN)/5G Base Station (gNB).

4.1.1  Encoding/Decoding: Air Interface Layer 3 Messages To describe and encode/decode the air interface Layer 3 and its sublayers signaling messages, the basic tabular form of definition is used. Except for the UMTS, LTE, and 5G RRC layers, the following layers share the same tabular format to describe their air interface Layer 3 and Non-access Stratum (NAS) layers messages. ●● ●● ●● ●●

GSM RR, MM, and Connection Management (CM) layers, GPRS/UMTS GMM and SM layers, LTE/EPS NAS layers – EMM and ESM NAS, and 5G System NAS layers – 5GMM and 5GSM.

An air interface Layer 3/NAS layers signaling message consists of an ordered series of octets (1 octet: 8 bits) and each message being with a protocol header. The protocol header is followed by protocol information fields. Each field is known as the information element (IE). An IE has certain attributes such as its unique identifier and ­presence requirements in the message, length, and value as described below. IEs and their attributes are described in a tabular format. ●●

IE and its Identifier

A signaling message carries various information from a sender to a receiver through a collection of IEs. Each IE indicates particular information of a protocol layer to a receiver and is uniquely identified by a so-called

Encoding and Decoding of Messages

Figure 4.1  Components of an IE of a protocol message.

Information Element (IE) Value (V)

Length (L)

IE Identifier (T)

Information Element Identifier (IEI). An IE has a name and is represented by assigning a hexadecimal value through the IEI. IEs of a signaling message may have different lengths such as 1 octet, 2 octets, and so on. An IE of a message has the following components, also shown graphically in Figure 4.1.

●●

–– Type (T), represented by the IEI, –– Length (L), in octets, and –– Value (V), i.e. an actual value of an IE. Presence Requirements of IE

The presence of an IE in a signaling message may not be required always. Based on this, the presence of an IE is classified as shown in Figure 4.2:

●●

–– Mandatory (M) – An IE must be present always; if it is not, the receiver will consider the message as an erroneous one and reports a protocol error. –– Conditional (C) – Presence depends on the value of another IE. If a condition is met and the IE is not present, the receiver will consider the message as an erroneous one; else, it will accept the message. –– Optional (O) – The receiver will accept the received message irrespective of the presence of the IE. IE Formats

As shown in Figure 4.1, each IE of a signaling message has the type (T), represented by the IEI, along with a defined range of values (V), including reserved value, and its length (L). The type (T), length (L), and allowed value (V) of IEs of signaling messages of a particular protocol layer are defined by its corresponding 3rd Generation Partnership Project (3GPP) technical specification. Using the Type, Length and Value (TLV), several formats of an IE can be defined as shown in Figure 4.3; refer to TS 24.007 [44]. The formats “LV-E” and “TLV-E” indicate that these IE formats are used in the case of the LTE/EPS system only for its air interface Layer 3 MM and SM messages. GSM, GPRS, UMTS, LTE, and 5G NR air interface messages defined and encoded in TLV formats are called Standard Messages. ●●

IE Types

Figure 4.2  Presence requirements of an IE of a protocol message.

Presence of Information Element

Mandatory (M)

Figure 4.3  Standard formats of air interface layer 3 messages IEs. Source: © 2011. 3GPP ™ TSs and TRs are the property of ARIB, ATIS, CCSA, ETSI, TSDSI, TTA and TTC who jointly own the copyright in them. © 2011, 3GPP.

Conditional (C)

Optional (O)

Table 11.1: Formats of Information Elements Format T V TV LV TLV LV-E TLV-E

Meaning Type Only Value Only Type and Value Length and Value Type, Length and Value Length and Value Type, Length and Value

IEI present

LI present

Yes No Yes No Yes No Yes

No No No Yes Yes Yes Yes

Value part present No Yes Yes Yes Yes Yes Yes

57

58

Mobile Communications Systems Development

The IEs of the GSM, GPRS Layer 3 and UMTS, LTE, and 5G NR NAS layer signaling messages are octet aligned. Depending on the usage of the IEI, length (L) of an IEI, and its value (V), the IE can be represented in one of the formats as shown in Figure 4.3. The particular format used to encode an IE represents its corresponding type. The different types of IE are mentioned below: –– Type 1: IE format – V (with a half octet in length) and TV (each is half octet in length), –– Type 2: IE format – T, i.e. IEI only (1 octet in length), –– Type 3: IE format – TV (length of IEI is 1 octet; length of value: 1..n octet), –– Type 4: IE format – LV, TLV (length of IEI is 1 octet, length of value: 1..n octet, and length of length indicator: 1 octet), and –– Type 6: IE format – LV-E, TLV-E (length of IEI is one octet, length of value: 1..n octet, and length of length indicator: 2 octets). For more information on the above IE, its format, and types, refer to the 3GPP TS 24.007 [44]. ●●

Encoding/Decoding of IEs –– The IEs of a signaling message is encoded by the sender and decoded by the receiver in order of their appearances in the tabular description. IEs are encoded as octet aligned. –– Only the IEI/Type (T), Length (L), and Value (V) of an IE are encoded/decoded as per their tabular ­descriptions of the concerned message. Because of the TLV encoding, the overall message size becomes larger for ­transmission over the air interface.

In case an IE in a message is encoded incorrectly, a protocol error is detected and flagged by the receiver of the message which is notified to the sending network element about the detected error so that the predefined actions may be taken. For example, if an MS/UE sent an IE to the CN that is not encoded correctly, the CN element will report an error to the RAN. Further, the RAN may report about the error to the operation and maintenance ­personal through a predefined alarm. Usages of IEs, their formats/lengths, i.e. TLV, and presence requirements in a NAS signaling message are ­illustrated through Examples 4.1 to 4.3. From the LTE/EPS Attach Complete message definition which is shown in Figure 4.4, the following ­observations may be made: –– Tabular Description of Air Interface NAS Layer Signaling Message All the air interface Layer 3 and NAS layer messages and their IEs are described in a tabular format with six columns. IEIs are arranged in the order they are transmitted. –– For an IE having its format type (T), the corresponding IEI is mentioned in the first column, IEI, of the table. Figure 4.4 contains IEs with format types: V and LV. Note that the GSM, GPRS, UMTS, air interface Layer 3, and LTE and 5G NAS layer signaling messages have protocol header part followed by IEs for user information/data part that is defined in a tabular format as shown in

Example 4.1  Illustration of LTE/EPS NAS MM Layer Message Consider the LTE/EPS Attach Complete NAS layer EMM message (see Figure 4.4) reproduced from TS 24.301 [46], which is sent from the UE to the Mobility Management Entity (MME) through the eNodeB. They are described in the tabular format and also their encoding method, i.e. IE format-TLV, is the same. But there is a difference between the GSM, UMTS, GPRS and LTE/EPS, and 5G NAS layer messages. The GSM, GPRS, and UMTS air interface Mobility Management (GMM) messages are not security protected, but every LTE/EPS, 5GS NAS, MM layer message is security protected. For this purpose, the header of every LTE/EPS EMM or 5G MM message contains the Security Header Type IE.

Encoding and Decoding of Messages

IEI

Information Element Protocol Discriminator Security Header Type Attach Complete Message Identity ESM Message Container

Type/Reference Protocol Discriminator 9.2 Security header Type 9.3.1 Message Type 9.8

Presence M

Format Length V 1/2

M

V

1/2

M

V

1

ESM Message Container 9.9.3.15

M

LV-E

5-n

Figure 4.4  LTE/EPS NAS layer 3 attach complete message. Source: © 2014. 3GPP ™ TSs and TRs are the property of ARIB, ATIS, CCSA, ETSI, TSDSI, TTA and TTC who jointly own the copyright in them. © 2014, 3GPP.

Example 4.2  Illustration of LTE/EPS NAS SM Layer Message Consider the LTE/EPS ESM Information Request NAS message (see Figure 4.5) which is sent from the MME to the UE through the eNodeB. It is described in a tabular format and their encoding method, i.e. IE format, is the same. Unlike the GSM/GPRS Layer 3 SM messages, the protocol header of every LTE/EPS NAS layer message contains an EPS Bearer Identity and a Procedure Transaction Identity; refer to TS 24.301 [46]. In the case of the 5G system NAS layer, a 5GSM message contains a PDU Session ID and a Procedure Transaction Identity. IEI Information Element Protocol Discriminator

Type/Reference Protocol Discriminator 9.2 EPS Bearer Identity EPS Bearer Identity 9.3.2 Procedure Transaction Procedure Transaction Identity Identity 9.4 ESM Information request Message Type 9.8 Message Identity

Presence M

Format V

Length 1/2

M

V

1/2

M

V

1

M

V

1

Figure 4.5  LTE/EPS NAS layer 3 ESM information request message. Source: © 2014. 3GPP ™ TSs and TRs are the property of ARIB, ATIS, CCSA, ETSI, TSDSI, TTA and TTC who jointly own the copyright in them. © 2014, 3GPP.

Example 4.3  Illustration of Encoding and Transmissions of Layer 3/NAS Layer Message LTE/EPS air interface NAS layer messages and their tabular definitions/descriptions have been presented in the previous examples. It has been observed that the types, in TLV format, of the different IEs of a particular message are not the same, but they are mixed in nature, i.e. Type 1, Type 2, and so on. Figure 4.6 illustrates one such typical encoding of IEs of a Layer 3 messages header (1 octet, value only); message type (1 octet, value only); and followed by a typical IE in TLV format for transferring between an MS and the RAN over the respective air interface. The IEs of a message are encoded at the sender and decoded at the receiver in the same order as it is defined in its concerned technical specification. Figure 4.6  Illustration: encoding and transmission of air interface message.

Message: X Header V

V

Type V

IE: 1

T

L

..n

V ……

RAN

59

60

Mobile Communications Systems Development

Figure 4.4. It may be noted that though the message description in tabular format is the same, the protocol headers used across the different air interfaces are different.

4.1.2  Encoding/Decoding: LTE and 5G NR Layer 2: RLC Protocol The LTE and 5G NR air interface RLC layers provide the capability to exchange information between a UE and the LTE E-UTRAN or between a UE and the 5G NG-RAN in terms of the PDU. An RLC layer PDU facilitates transfer of higher-layer data in Transparent (TM), Unacknowledged (UNACK) or Acknowledged (ACK) mode. A PDU consists of a header part that is further followed by the data part of the PDU. PDU Description An RLC PDU, ACK, and UNACK mode header consist of several fields with different lengths in bits. Thus, the encoding and decoding of each field are different. Nevertheless, the protocol header and the data part of RLC PDU are octet aligned and is described in a tabular format. The TM PDU of the RLC layer does not contain the header part and is used to transfer messages such as paging and system information messages. Neither the sending RLC nor the receiving RLC layer performs any operations on a TM PDU. There is another PDU called Control PDU, which is used by the receiving RLC layer to inform the sending RLC layer on the status, i.e. lost or successfully decoded, of a PDU being received.

●●

Encoding of RLC PDU Though the RLC PDU is described in a tabular format, the header and data part is encoded as bit strings where the leftmost bit of the first line of the table is considered as the most significant bit and the rightmost bit of the last line of the table is considered as the least significant bit. Depending on the length of Sequence Number (SN) used in an RLC header, the length of the RLC header may take 1 or 2 octets at the beginning of the table and is different for the ACK mode and UNACK mode of data transfers. The 5G NR air interface RLC layer and its PDU formats are described later in Chapter 19. For more information on the RLC layer protocol header, its different parameters, and their encoding requirements, refer to TS 38.322 [114] for 5G NR.

●●

4.1.3  Encoding/Decoding: LTE and 5G NR Layer 2: MAC Protocol The LTE and 5G NR MAC layer facilitates the exchange of air interface Layer 2 information in terms of a PDU between a UE and LTE E-UTRAN or between UE and 5G NG-RAN. A MAC PDU consists of a MAC header and MAC SDU, which is received from the RLC layer. The method of description and encoding of the MAC layer PDU is similar to the method used by the LTE and NR RLC layers as described above. Similar to the RLC layer, the encoded bit strings of LTE or 5G NR MAC layer is an octet (8 bits) aligned. Also, note that unlike the air interface Layer 3 message header, the MAC header and the MAC SDU are variable in size. For more information on the MAC layer protocol header, its different parameters, and their encoding requirements, refer to TS 36.321 [93] for LTE and TS 38.321 [113] for 5G NR. NR air interface MAC layer and its PDU formats are described later in Chapter 19.

4.1.4  CSN.1 Encoding/Decoding: GPRS Layer 2 Protocol (RLC/MAC) The CSN.1 [10] notation method for describing, encoding, and decoding of air interface Layer 2 signaling messages are used by the GPRS RLC/MAC layer. It was described in Section 4.1.1 that the air interface Layer 3 messages are encoded and decoded on the octet (8 bits) level in TLV format. However, using the CSN.1 notation, only the value, and not type or length, of the IEs of a signaling message are encoded and decoded on a bit level. This results in a compact bits stream for transmission over the GPRS air interface. A CSN.1 encoded signaling message contains a bits string having an ordered sequence of symbols, i.e. 0 and 1. The resulting bits string may not

Encoding and Decoding of Messages

be multiple of 8, i.e. an octet. An example CSN.1 description of a message with two IEs of length 3 bits each is shown below: :: = 11 { 1 < IE1 : bit(3)> | 0 }11 In the above CSN.1 description of the sample message, the vertical bar “|” represents a choice. If the third bit of the message is 1, then IE1 shall be encoded; if the third bit is 0, then IE2 shall be encoded. Both the IEs are illustrated with length  =  3 bits. This is further followed by 11 bits, giving an overall bits stream of 8 bits. The CSN.1 method is based on the Backus-Naur Form (BNF) that contains various rules to be followed while describing a message. For more information on such rules of encoding and decoding of RLC/MAC layer signaling message using the CSN.1 method and its other aspects, refer to Annex-B, TS 24.007 [44]. Example messages and their descriptions/structures using CSN.1 notation can be found in 3GPP TS 44.060 [131]. Reusable software modules/functions/procedures are required to be developed for CSN.1 encoding, at the sender end, and decoding, at the receiving end, of GPRS RLC/MAC signaling message. More about the implementation of encoding and decoding in the code is described in later sections.

4.1.5  ASN.1 Encoding/Decoding: UMTS, LTE, and 5G NR Layer 3 Protocol The UMTS, LTE, and 5G NR air interface Layer 3 RRC protocol layer PDUs are described using the ASN.1 notation. Apart from these, the LTE/EPS S1-AP, X2-AP, 5G Core NG-AP, Xn-AP, and UMTS Radio Access Network Application Part (RANAP) protocol PDUs are also described using the ASN.1 notation. The ASN.1 describes the syntax of a message in an abstracted way as well as the method of encoding and decoding of message over a particular logical interface, e.g. air interface. ASN.1 notation is specified in ITU-T Rec. X.691 [11]. Message Description and Its Compilation The abstract description of a protocol layer message using the ASN.1 method is similar to a C-Language-like structure having data fields and its lengths. An example of an ASN.1 definition of a protocol message is shown below:

●●

L3ProtocolMessage:: = SEQUENCE{ Header :: =L3Header, Data :: =L3IEs, } L3Header:: =SEQUENCE{ Protocol-Discriminator::= BITS STRING (SIZE(4)), Skip-Indicator::= BITS STRING (SIZE(4)), } L3IEs ::= OCTET STRING(SIZE(255)) Consider that the C-Language is being used to develop the concerned protocol layer containing the above protocol header. From the above description of the protocol message, an ASN.1 compiler may produce the target C-Language source code/header file as illustrated below: typedef struct { unsigned char Protocol-Discriminator:4; unsigned char Skip-Indicator:4; unsigned char L3IEs[255]; } L3ProtocolMessage

61

62

Mobile Communications Systems Development

Further, the C-Language compiler will compile the ASN.1-generated C-header files along with the other C-source files to produce an encoding/decoding module. ●●

Encoding/Decoding Method

An ASN.1 description provides only the syntax of a message to be exchanged between two network elements. It does not define the actual method to be used for encoding and transfer of the concerned message. For encoding/ decoding a signaling PDU or message and its transmission, the ASN.1 Packed Encoding Rule (PER) is used, which is specified in ITU-T Rec. X.691 [11]. This is also known as the Message Transfer Syntax in the ASN.1 paradigm. The encoded bits stream generated by the ASN.1 PER can be of two types as mentioned below: –– Octet Unaligned, e.g. RRC layer protocol PDUs. –– Octet Aligned, e.g. UMTS RANAP messages; LTE/EPS S1-AP and X2-AP; 5G NG-AP; and Xn-AP messages. For more information on the aligned and unlighted encoding PER, refer to ITU-T Rec. X.691 [11]. There are additional protocol layer-specific encoding rules that are to be followed during the development of the concerned protocol layer. For more information on these additional rules, refer to TS 25.331 [50], TS 36.331 [94], and TS 38.331 [116]. ●●

How Does ASN.1 Notation Result in a Compact Encoding

It was described in Section 4.1.1 that the air interface Layer 3 messages are encoded and decoded on the octet (8 bits) level in TLV format. Depending on the IE type, it may be required to encode the type/IEI (T), length (L), and value (V) of an IE in a message. The overall length of the encoded message becomes larger. However, in the ASN.1 method, –– The type/IEI is never encoded and transmitted, and –– Encoding the length and value is also optional if both sender and receiver already know it. Because of these encoding rules, the size of the encoded message becomes compact in comparison to the TLV method encoding described above. As an example, consider an IE with a value = 5 to be encoded and transmitted in TLV format as well as using PER. An illustration is shown in Figure 4.7. Type (T), Length (L), and Value (V) each have a length of 1 octet. From Figure 4.7, it is observed that the PER encoding method results only in 3 bits of the IE’s value to be transmitted, in comparison to 24 bits in its TLV encoding format. This is because in the PER method, the Type is never used, and Length may not be used during encoding of an IE. Example 4.4 mentions typical LTE and 5G NR RRC layer signaling messages which are defined using the ASN.1 format described above.

4.1.6  Direct/Indirect Encoding Method The encoding and decoding methods of mobile communications systems and network messages as mentioned in the preceding sections apply, in general, to all the messages defined in a particular mobile communications system such as the GSM, GPRS, UMTS, LTE and 5G NR systems. There could be other encoding and decoding methods that are applicable to a particular message defined only in a particular mobile communications domain. Two such methods are Direct Encoding and Indirect Encoding. They are used in GSM Layer 3 Radio Resource Management layer’s Immediate Assignment message while allocating a list of hopping radio frequencies from the BSC to the Mobile station.

IE: x

T

L

V

1

1

5

Total Octets Using TLV Encoding = 3

Figure 4.7  Illustration: TLV Vs PER encoding method. IE: x 101 Total Bits Using PER = 3 (for Value = 5)

Encoding and Decoding of Messages

Example 4.4  LTE and 5G NR Air Interface RRC Layers: RRC Connection/Setup Request ASN.1 Message The LTE RRCConnectionRequest or the 5G NR RRCSetupRequest message is used by a UE toward the LTE eNodeB or 5G NG-RAN to request the establishment of an RRC signaling connection. For the ASN.1 definition of the LTE RRCConnectionRequest or NR RRCSetupRequest message, refer to TS 36.331  [94] and TS 38.331 [116]. The RRCConnectionRequest or RRCSetupRequest message carries the following information to the eNodeB: ●● ●●

●●

Initial UE identity, Establishment cause/purpose of the connection request, e.g. emergency call, data, signaling, voice call, and so on, and A randomly generated reference value.

4.1.7  Segmented Messages over the Air Interface It was mentioned in Section 4.1.4 that the GPRS RLC/MAC layer messages are encoded/decoded at bit level using CSN.1 [10] method. Even the presence or absence of a single bit of information in a particular communications signaling message matters a lot for the receiver of the message because it may not be able to decode the rest of the received message successfully. Sometimes, if the complete information to be sent does not fit in a single signaling message, the same may be transferred in a segmented way, and this is indicated by a presence of a bit in the first message segment already sent to the receiver. Similarly, the segmentation of the New Radio (NR) RRC layer messages i.e. RRCReconfiguration or RRCResume, in DL direction, and UECapabilityInformation, in UL direction, has been introduced as part of the 5G system Release 16. This is due to the limitation of the maximum PDU size of 1900 bytes as supported by the NR PDCP layer. The 5G NR air interface control plane protocol layer shall be described later in Chapter 18

4.1.8  Piggybacking a Signaling Message To reduce the exchange of signaling messages overhead between mobile devices and the network over the air interface or other interface, sometimes a signaling message is attached to another signaling message that is being scheduled and already transmitted. Such a mechanism of attaching a signaling message as part of another signaling message is known as the piggybacking of a message. The piggybacked message may be used to request additional RRs from the network to start data transfer in the opposite direction or to trigger the start of a new signaling procedure between the mobile device and the network. The following Examples 4.5 to 4.7 shall clarify the concept and purpose of piggybacking a signaling message into another message. ●●

Air Interface Signaling Messages Example 4.5  Piggybacking of GSM Air Interface Complete Layer 3 Information Using SCCP In the case of the GSM system, the SS7 protocol stack is used to exchange messages between the GSM and the MSC over the A-interface. The Signaling Connection Control Part (SCCP) layer is a part of the SS7 protocol stack. GSM Complete Layer 3 Information is used to transport all the initial signaling connection messages, between the MS and MSC, piggyback with the SCCP protocol message. Examples of GSM system initial messages are – CM SERVICE REQUEST, which is used for a mobile originated call, LOCATION UPDATE REQUEST, which is used for location area update request from MS to the CN, etc.

63

64

Mobile Communications Systems Development

Example 4.6  Piggybacking Using LTE or 5G NAS Layer Signaling Message In the LTE or 5G system also, piggybacking of a signaling message, e.g. piggybacking an SM layer message to an MM layer message, is used. In the LTE/EPS, piggybacking of NAS messages is used for the bearer management procedure in the downlink direction. In the uplink direction, piggybacking of the NAS message is used only for transferring the initial NAS message during connection setup. For example, the LTE/EPS ATTACH Request message is send piggybacked with the RRCConnectionSetupComplete message over the LTE air interface between UE and E-UTRAN. Similarly, in the 5G NR system, the NAS layer RegistrationRequest (toward the 5G Core Access and Mobility Management Function (AMF)) message is piggybacked to the RRCSetupComplete message from a UE to the NG-RAN. ●●

CN Signaling Messages Example 4.7  Piggybacking GTPv2 Control Plane Messages In the LTE/EPS and 5G systems, the GTPv2 control plane signaling messages are used in a couple of logical interfaces, for example, between the LTE/EPS MME and the S-GW and S-GW and P-GW. The fifth bit of a GTPv2 control plane header, 3GPP TS 29.274 [70], contains a field called “P” which indicates the presence of a further piggybacked GTPv2C message along with the current GTP GTPv2C messages. For example, a Create Session Response message from the S-GW to the MME may contain the Create Bearer Request message as well as the piggybacked message for the MME. In this case, the “P” flag in the header of the Create Session Response message shall be set to 1.

4.2  ­Encoding/Decoding of Signaling Messages: RAN and CN In the previous sections, we have discussed the encoding and decoding of signaling messages between a UE/MS and their respective RAN of the GSM, UMTS, LTE, and 5G NR systems over their respective air interface. To perform certain functions and procedures between the RAN and the CN, they also exchange signaling or control plane messages over the respective logical interface. The IEs of a signaling or control plane message exchanged over the concerned logical interface between the RAN and CN are packed and unpacked using a particular encoding and decoding method, which are described below: ●●

Between GSM BSC and MSC: A-Interface

The logical A-interface is used to exchange signaling messages between the GSM BSC and the MSC. Over the A-interface, the following types of messages are exchanged between the BSC and MSC. –– Base Station Management Application Part (BSSMAP) Signaling messages for various functions and procedures performed between the BSC and MSC are classified into BSSMAP types. BSSMAP messages, between BSC and MSC, are also encoded/decoded and are described in a tabular format similar to the air interface Layer 3 messages. However, unlike the Layer 3 messages, BSSMAP messages do not contain a message header. Each BSSAMP message starts with its message type, followed by the associated IEs. –– Direct Transfer Application Part (DTAP) DTAP messages are exchanged between the UE and MSC only. All the air interface Layer 3 CC and MM signaling messages that are transparently forwarded by the BSC, received from the MS to the MSC without processing

Encoding and Decoding of Messages

Example 4.8  LTE NAS Layer: Downlink NAS Transport: MME to eNodeB Figure 4.8 shows the definition of the downlink NAS transport message from the LTE/EPC MME to the eNodeB. IE/Group Name Message Type MME UE S1AP ID eNB UE S1AP ID NAS-PDU Handover Restriction List Subscriber Profile ID for RAT/Frequency Priority

Prese nce M M M M O

IE type Semantics Critic and Description ality Reference 9.2.1.1 YES 9.2.3.3 YES 9.2.3.4 YES 9.2.3.5 YES YES 9.2.1.22

O

9.2.1.39

Range

YES

Assigned Criticality ignore reject reject reject ignore ignore

Figure 4.8  LTE/EPS MME-ENodeB: S1-AP: downlink NAS transport. Source: © 2014. 3GPP ™ TSs and TRs are the property of ARIB, ATIS, CCSA, ETSI, TSDSI, TTA and TTC who jointly own the copyright in them. © 2014, 3GPP.

by BSC, are classified into DTAP types. DTAP messages are the air interface Layer 3 messages with a header containing protocol discriminator information in the header of every message that is exchanged between the MS and MSC. Because of this, the DTAP message is encoded and decoded as described in Section 4.1.1. ●●

Between GSM BSC and SGSN: Gb-Interface

The Gb-interface is used to exchange signaling messages between the GSM BSC and the SGSN. Over the Gb-interface, the following types of messages are exchanged between the BSC and SGSN of a GPRS network. –– Network Service protocol layer; refer to 3GPP TS 48.016 [135]. –– BSS GPRS Protocol (BSSGP) protocol layer; refer to 3GPP TS 48.018 [136]. NS and BSSGP layer messages are also encoded/decoded and are described in a tabular format similar to the air interface Layer 3 messages. However, unlike the Layer 3 messages, NS and BSSGP layer messages do not contain a message header. Each NS and BSSGP layer message starts with their message type, followed by the associated IEs. ●●

Between UMTS RNC – CN; LTE E-UTRAN and CN; 5G NG-RAN and CN

The UMTS RANAP, over the Iu interface between RNC and CN, uses the ASN.1 notation for describing the signaling message between RNC and the CN. The LTE/EPS S1-AP, between eNodeB and MME, and X2-AP, between two eNodeBs, also uses the ASN.1  notation for encoding and decoding of signaling message over the S1 and X2 interface. Similarly, the 5G system NG-AP, between NG-RAN/gNB and AMF, and XN-AP, between two gNB, also use the ASN.1 notation for encoding and decoding of signaling message over the NG and Xn interfaces. Protocol messages specifications using ASN.1  notation was described earlier in Section  4.1.5. Note that the messages exchanged between UMTS RNC – CN; LTE E-UTRAN and CN; 5G NG-RAN and 5G core are also described using tabular notation. Example 4.8 illustrates the tabular definitions of a message described in a tabular format. The NAS-PDU IE, which is a mandatory one, in the downlink NAS transport message contains the message to be communicated from the MME to the UE.

­Chapter Summary This chapter presented the CSN.1, ASN.1, direct, indirect, tabular format, and so on and methods of describing and encoding/decoding protocol layer messages across the different mobile communications systems from the

65

66

Mobile Communications Systems Development

GSM to the 5G system. The peer protocol layers of network elements of a mobile communications network exchange signaling messages using a particular encoding/decoding method as described in this chapter. These encoding and decoding methods are used over their respective logical interfaces, e.g. air interface Layer 2, Layer 3, NAS layer, between RAN and CN, and so on, to exchange control plane information. In comparison to the other encoding methods described in this chapter, the CSN.1 encoding method produces more compact protocol layer messages that are to be transmitted over the GPRS air interface. An encoding and decoding method represents the data structures of IEs of messages that are used during the software design and development of protocol layers supported by the network elements of a mobile communications network. An IE of a message may contain and may be encoded with several information. Unlike the traditional IP layer header and packet, information may be encoded/decoded even at a single bit level in a mobile communications message. Correctly encoding and decoding of an IE, its components, and the value of a control plane or data plane message is important for the successful operation of a mobile communications network. It is also important from the interworking and interoperation point of view. We then closed the chapter with the method of piggybacking of a signaling message over another signaling message, thus reducing signaling overhead, be it over the air interface or between CN elements.

67

5 Network Elements Identities and Its Addressing

­Introduction This chapter covers the various identities that are used to identify and address different network elements or logical objects of mobile communications systems and networks, i.e. Global System for Mobile Communication (GSM), General Packet Radio Service (GPRS), Universal Mobile Telecommunication System (UMTS), and Long-Term Evolution (LTE) system. Network identities used in the 5G system are described in Chapter 16. Every network element has its own identity using which the peer network element can identify the source of data received over a particular interface. We begin with the network identities that are used at the radio access and core network (CN) domain along with their nature. A network element identity has several other aspects such as its persistency, which may be either permanent or temporary; also, an identity may have a local or global presence. A network element can have several identities, especially if it supports multiple radio access technologies (RATs). We then present the fundamental or native and mapped identity of a network element. Mapped identities are used in case of an interworking scenario where a user and its User Equipment (UE) move from one RAT to another and vice versa. A network identity may be used by a network element to keep track of the resources allocated to another network element. Apart from the network elements, network identities are also assigned to identify and address other logical objects such as the GSM location area, GPRS routing area, and LTE/Evolved Packet System (EPS) tracking area. Such network identities are further described in Chapter 18.

5.1  ­Network Elements and Their Identities A mobile communications system and network comprise numerous physical network elements or resources as well as logical objects or resources that are used as part of the design, development, implementation, and field deployment. Network elements or resource identities are logical in nature. An identity may represent a logical connection and association between two network elements. A network element, say eNodeB, may assign an identity to another network, say UE, to uniquely identify it over a particular logical interface. The network element’s identities are divided into the following categories: ●● ●●

●●

UE/Mobile Station (MS) Identities Radio Access Network (RAN), UMTS Terrestrial Radio Access Network (UTRAN), Evolved-UMTS Terrestrial Radio Access Network (E-UTRAN), 5G Next-Generation Radio Access Network (NG-RAN) Identities CN Identities Figure 5.1 illustrates the above network identities along with their natures.

Mobile Communications Systems Development: A Practical Introduction to System Understanding, Implementation, and Deployment, First Edition. Rajib Taid. © 2021 John Wiley & Sons Ltd. Published 2021 by John Wiley & Sons Ltd.

68

Mobile Communications Systems Development Network Identities MS/UE Identities

Permanent

RAN Identities

Temporary

Local

CN Identities

Global/ End-to-End

Figure 5.1  Network identities, their persistency, and presence.

A network element, or a subscriber, or a logical link between peer protocols or other logical resources are identified and addressed with their corresponding identities, which can be a permanent, temporary, static, or dynamic in nature, as shown in Figure 5.1. For example, the core network may allocate a temporary identity to a mobile device for paging purposes. The CN and the access network allocate a temporary identity to an MS/UE as a result of events such as the power off/on or changes in the current location of the mobile device. This is required to protect the real identity of a mobile device while communicating with the network over the air interface. A permanent identity is assigned to a network element as part of its administrative provision, network planning, and configuration process. For example, an International Mobile Subscriber Identity (IMSI) is allocated to uniquely identify each mobile subscriber in the GSM, UMTS, LTE/EPS, and 5G systems and may be also used to page an MS/UE by the CN. A network identity can be a local one, i.e. visible to a particular network element such as GSM Visitor Location Register (VLR), GPRS Serving GPRS Support Node (SGSN), and LTE/EPS Mobility Management Entity (MME), or it can be used/visible across the end-to-end network element, i.e. from the mobile device to base station controller (BSC), UTRAN, E-UTRAN, and 5G NG-RAN to Core Network. A network identity can be a global one that is exchanged across an interface connecting two peer network elements. For example, in the LTE/EPC system, a UE and MME S1AP identity is exchanged between the eNodeB and the MME over the S1 interface to uniquely identify a UE. Note that the network identities have different lengths.

5.2 ­Permanent Identities There are network identities that are permanent and unique in nature. Examples of permanent network element identities are mentioned below: ●●

●●

●●

An MS/UE is assigned an International Mobile Equipment Identity (IMEI) by its manufacturer that is burnt into the firmware of an MS/UE. An IMSI is assigned by an operator to a subscriber during its provisioning in the database of the Home Location Register (HLR). An IMSI is stored in the SIM card of an MS/UE. A Public Land Mobile Network (PLMN) identity of a network consists of the Mobile Country Code (MCC) and Mobile Network Code (MNC). A PLMN uniquely and globally identifies the operator of a particular network as an MCC is allocated by the International Telecommunication Union (ITU).

An operator-configured network identity also can be a permanent one as long as its configuration does not change.

Network Elements: Identities and Its Addressing

5.3  ­Temporary Identities Assigned by CN In an end-to-end mobile communications network, one important function of the CN is to protect the real identity of an MS/UE while exchanging information over the air interface. The confidentiality of an MS/UE identity over the air interface is accomplished by allocating a temporary identity to it by the concerned CN element. Also, the temporary network identity is provided by the concerned network element which controls a particular service area. In the case of the GSM system, a VLR controls a location area; in the case of the GPRS system, an SGSN controls a routing area; and in the case of the LTE/EPS system, an MME controls a tracking area. Some of the temporary identities assigned to a mobile device by the concerned CN elements of GSM, GPRS, UMTS, and LTE networks are described below. For more information on these temporary identities, refer to TS 23.003 [30] and TS 23.060 [31].

5.3.1  GSM System Temporary Identities ●●

Temporary Mobile Subscriber Identity (TMSI)

A TMSI is allocated by the CS domain VLR to protect an MS/mobile user’s identity while communicating over the air interface. A TMSI is allocated as part of the successful CS domain location area update mobility management procedure initiated by an MS toward the CN. A TMSI is used by the MSC as the identity of an MS during the air interface Layer 3 mobility management-related procedures such as sending a paging request message to the MS to notify about an incoming call. A TMSI has an end-to-end significance and has 32 bits in length. TMSI with all 1’s is not a valid one. A new TMSI is also allocated to a mobile device on entering a new location area under a different VLR where the MS performs a location area update procedure with the CN. The VLR maintains an association between the IMSI of the mobile device and the allocated TMSI. For multi-RATs, i.e. GPRS Edge Radio Access Network (GERAN), UTRAN, and E-UTRAN, capable MS/UE, a TMSI is allocated as a result of the combined mobility management procedures performed by a UE/MS toward the CN.

5.3.2  GPRS System Temporary Identities ●●

Packet TMSI (P-TMSI)

A P-TMSI is allocated by the GPRS PS domain SGSN to protect a mobile user’s identity while communicating over the air interface. A P-TMSI is used as the identity of an MS during the GPRS air interface Layer 3 mobility management-related procedures such as the routing area update, paging request, and an attach request. A P-TMSI has an end-to-end significance and has 32 bits in length. The first two Most Significant Bit (MSB) bits (31, 30) of a P-TMSI are always set to 1’s. A new P-TMSI is allocated to a mobile device on entering a new routing area under a different SGSN where the MS performs a routing area update procedure with the CN. The SGSN maintains an association between the IMSI of the mobile device and the allocated P-TMSI. ●●

Network Resource Identifier (NRI)

An NRI is a CN-level identifier and is used to identify a GSM MSC or SGSN or an LTE/EPS MME. Several MSCs or SGSNs or MMEs can be configured in a pool to serve mobile users in a load-balanced way. An NRI is assigned and identifies uniquely an individual CN element, i.e. MSC, SGSN, or an MME, out of all the CN elements configured in a pool. An NRI has an end-to-end significance and has a length from 0 to 10 bits; NRI having length 0 means the feature is not used at the CN end. More about the CN element pool and their selection are described later in Chapter 7.

69

70

Mobile Communications Systems Development ●●

Temporary Logical Link Identity (TLLI)

A TLLI identifies a logical link at the Logical Link Control (LLC) layer between the MS and the SGSN of a GPRS system. At the GPRS LLC layer level, an MS is uniquely identified by a temporary logical link identifier (TLLI). A TLLI is constructed from a P-TMSI that is allocated by the SGSN which has an end-to-end significance and is used across the MS, BSC, and the SGSN.

5.3.3  LTE/EPS System Temporary Identities MME TMSI (M-TMSI), S-TMSI An M-TMSI is allocated by the LTE/EPS MME to a UE. An S-TMSI is constructed from an M-TMSI and the MME code, which is 8 bits in length. Using the S-TMSI, MME used to send a paging message to a UE. S-TMSI has an end-to-end significance. For a multi-RATs capable UE/MS that supports the GSM, GPRS, UMTS, and LTE systems, a UE/MS will perform the combined registration procedures toward the respective CN. The concerned CN element will assign and allocate the three TMSIs accordingly, i.e. TMSI, P-TMSI, and S-TMSI, to a UE. For example, to notify an incoming CS call to an E-UTRAN registered with the Circuit Switched Fall-back (CSFB) feature, the MSC will send the paging request message to the MME with TMSI. The MME will send the paging command to the UE using the S-TMSI. The UE will send the CS paging response with TMSI allocated by the MSC/VLR.

●●

●●

Network Identities for LTE/EPS Network elements

Various identities are used to identify network elements or logical objects, at the protocol layer level, of an LTE/ EPS network. Such network identities, as elucidated in Example 5.1 below, may be assigned as part of a periodical Example 5.1  Network Identities of LTE Network Elements Figure 5.2 illustrates the fundamental identity assigned to some of the network elements of an LTE/EPS PLMN. Several network identities also contain the PLMN Id. The purposes of the network identities shown in Figure 5.2 are described below: –– E-UTRAN Cell Identity (ECI) (28 bits in length): It is a unique cell identity and cannot be repeated in a PLMN. It is defined as the SIBType1. CellIdentity; refer to TS 36.331 [94]. An ECI together with the PLMN Id constitutes an E-UTRAN Cell Global Identity (ECGI). –– eNB Id (28 bits length): It identifies an eNodeB within a PLMN. –– Radio Network Temporary Identifier (RNTI) (16 bits length): It identifies a UE having a Radio Resource Control (RRC) connection and also can be scheduled for data transmission/reception. –– MMEC (8 bits length): MME Code – identifies MME with the MME group. –– MMEGI (16 bits length): MME Group Id – identifies the MME Group Id of that an MME belongs to. Figure 5.2  Illustration: identities for LTE network elements.

Public Land Mobile Network ECI eNB

……

eNB ID

MME

MME

MMEC

MMEC MMEGI

ECI eNB

IMSI

eNB ID

MME MMEC

RNTI

MME MMEC MMEGI

Network Elements: Identities and Its Addressing

network planning or maintenance processes or can be generated and assigned by a network element dynamically to another network element as part of a protocol layer procedure. ●●

Globally Unique Temporary Identity (GUTI)

In the case of the LTE/EPS system, a mobile device UE is uniquely identified by a GUTI that is allocated by the MME. A GUTI is similar to a P-TMSI and is used as the identity of a UE during the LTE/EPS mobility management-related procedures executed between a UE and the MME. A GUTI can be a native or mapped as described later in Section 5.5. A GUTI is constructed from several fundamental network identities as ­illustrated in Example 5.2.

Example 5.2  LTE/EPS Globally Unique Temporary UE Identity (GUTI) A GUTI is an LTE/EPS network-level identity that has end-to-end significance and is used to provide unambiguous identification of a UE. The construction, as well as its hierarchical structure of a GUTI, is shown in Figure 5.3. Figure 5.3  Illustration: components and derivation of a GUTI.

GUTI

GUMMEI

M-TMSI

PLMN MCC

MNC

MME Identifier MMEGI

MMEC

Using a GUTI, the identification of the MME and its corresponding network can be determined. It can be used by the network and the UE to establish the UE’s identity during signaling between them in the LTE/EPS network. ●● Physical Layer Identity of a Cell At the physical layer level, each cell in an LTE/E-UTRAN network is identified through a Physical Cell Identity (PCI), which is illustrated through Example 5.3 and Figure 5.4. As defined by the TS 36.211 [90], there are 504 unique Physical Layer Cell Identities, and they are divided into 168 (0–167) unique Physical Layer Cell Identity groups; each group has three (0, 1, 2) unique identities. A PCI has the relationships and is derived from the downlink reference signals primary synchronization signal (PSS) and secondary synchronization signal (SSS) which are transmitted from a base station. The mathematical relationship among the PCI, PSS and SSS is shown below. PCI= (3* Physical Cell Identity Group) + Physical Layer Identity Where Physical Cell Identity Group =0 to 167; Physical Layer Identity=0 to 2. The PSS has the link to the Physical Layer Identity, which is a Zadoff–Chu sequence, and the SSS has the link to the PCI group. A UE reads the synchronization signals during a cell search procedure in the LTE system. To avoid interference and PCI collision as well as confusion issues, the same PCI is never reused in the neighbouring cells. A PCI collision occurs when two adjacent cells have the same PCI. A PCI confusion occurs when a cell has two neighbours with the same PCI. As the number of PCIs (504) is limited, PCIs are carefully planned and repeated in other cells that are not adjacent or neighbor to each other as shown in Figure 5.4.

71

72

Mobile Communications Systems Development

Example 5.3  LTE Physical Layer Cell Identity (PCI) A cell in the LTE system can have three types of identities: ●●

●●

●●

An ECI of 28 bits in length as mentioned in Example 5.1, which identifies a cell in a particular LTE network. It is defined and controlled by the higher layer. It is also used from the operation and maintenance point of view. An E-UTRAN Cell Global Identifier (ECGI), containing the PLMN Id, that identifies a cell globally, i.e. anywhere in the world, A Physical Cell Identity (PCI) is used at the LTE Physical Layer level only (Figure 5.4), and it is defined as the PhysCellId in the TS 36.331 [94].

Figure 5.4 illustrates the LTE Physical Layer Cell Identities (PCI) and their groups. The PCI is similar to the UMTS scrambling code concept, for which a RAN planning is required for its proper usages. A PCI helps a UE to distinguish information received from different neighboring transmitters and select a particular cell to camp-on at the physical layer level. Figure 5.4  Illustration: LTE physical layer cell identities (PCI) and groups.

Public Land Mobile Network PCI5 PCI4 PCI1 PCI2 PCI0

PCI3 Group 1

Group 0

PCI501 PCI502

……….

PCI503 Group 167

5.4  ­Temporary Identities Assigned by RAN: RNTI RNTI stands for Radio Network Temporary Identifier that is allocated by the UMTS UTRAN, LTE E-UTRAN, and 5G NG-RAN to UEs. An RNTI uniquely identifies a UE and is used during the communication between UTRAN or E-UTRAN or NG-RAN and a UE over their air interface: Uu. The RNTIs used in the LTE system is described below: ●●

LTE E-UTRAN: Allocation of RNTIs, TS 36.300 [92]

LTE E-UTRAN also allocates several RNTI types to address a particular UE over its air interface. However, unlike the UMTS system, it is also possible to address multiple UEs in the LTE system. This is because the LTE E-UTRAN uses the physical downlink shared channel (PDSCH) to transmit control as well as user data to a UE. Thus, a mechanism is required by an LTE UE to differentiate the type of information received from the E-UTRAN. To achieve this, different types of RNTIs are used by E-UTRAN as described below. For more information on LTE RNTI values and usages, refer to TS 36.321 [93]: –– System Information (SI)-RNTI – It is used to broadcast system information from the E-UTRAN to the UEs/cell through the Broadcast Control Channel (BCCH). SI-RNTI is part of the cyclic redundancy check (CRC) added to the contents of the downlink control information (DCI) format 1A. –– Paging (P)-RNTI – It is used by the UEs for the reception of paging from the E-UTRAN through the Paging Control Channel (PCCH). –– Cell(C)-RNTI – C-RNTI uniquely identifies a UE having RRC signaling connection, and scheduling, with E-UTRAN in a particular cell. C-RNTI is used by the E-UTRAN to provide an uplink transmission grant and downlink assignment.

Network Elements: Identities and Its Addressing

–– Temporary C-RNTI – It is generated by the MAC layer of an eNodeB and sends it in the Random Access Response (RAR) to the UE as a response to the Random Access Preamble transmitted by the UE. Temporary C-RNTI is later changed to the C-RNTI once the UE contention is resolved at the eNodeB end. –– SPS-CRNTI – Semi-Persistent Scheduling RNTI is used in case the SPS activation/reactivation/retransmission is performed. –– TPC-RNTI – It is used to send Transmit Power Control command to a UE. –– Random Access (RA)-RNTI – RA-RNTI unambiguously identifies which time-frequency resource was utilized by the UE to transmit the Random Access Preamble. The eNodeB uses the RA-RNTI in the RAR from the E-UTRAN to UE. The eNodeB scrambles Physical Downlink Control Channel’s (PDCCH’s) CRC with RA-RNTI for transmission of PDSCH that carries RAR(s). –– M-RNTI – It is used to notify a UE about an MCCH information change.

5.5  ­Usages of Network Identities An ongoing end-to-end call for a UE/MS involves resource allocations by the different network elements of a communication network. In this regard, each network element assigns its respective network identities, having local or end-to-end significance, which is used to keep track of the various resources allocated by them. When an ongoing call is completed, the network elements release the allocated resources as identified by the respective network identities. At times, the end-to-end troubleshooting of an issue may be confusing using the different network identities. The corresponding identities are used during the analysis of the different call processing events, both signaling and user data, to isolate the source of the issue, i.e. network elements. Once a network element is isolated from the probable root cause, the same events may be tracked further on the peer network element using the corresponding identities that are used in that network element. Note that the network identities are assigned by the different network elements or different protocols layers of a network element. For example, LTE RNTIs are assigned by its Layer 2 MAC layer. Knowing the network identity and its corresponding protocol layer is particularly important during the end-to-end troubleshooting of an issue using protocol analysis tools.

5.6  ­Native and Mapped Network Identities Network identities assigned to a mobile device can be native or mapped ones. ●●

Native Identity

A network element may construct a native identity from several fundamental identities. A network element may allocate a native identity to another network element for its identification and tracking of various resources allocated to it. An example of native identity in the case of LTE/EPS is the GUTI as shown in Example 5.2; in Figure 5.3. MME assigns a GUTI to a UE and is used during the various EPS mobility management layer procedures. Similarly, in the GPRS system, the SGSN allocates a P-TMSI to an MS. ●●

Mapped Identity

A mapped identity is derived from a certain portion of a native identity or may assign the whole native identity. One example of mapped identity is the NRI used in a GPRS system that is derived either from a TMSI or P-TMSI. Similarly, a TLLI, which is used in the GPRS system, is derived from a P-TMSI, as shown in Example 5.4 and Figure 5.5.

73

74

Mobile Communications Systems Development ●●

Mapped identity due to intersystem changes

An LTE E-UTRAN UE may support multiple RATs to provide communication services through legacy networks. Such a UE registers with the legacy CNs also where the respective network identities are allocated to the UE to provide seamless communication service to the user. During the intersystem changes from E-UTRAN/LTE/ EPS to GERAN/UTRAN (UMTS) and vice versa due to its mobility, a UE identity shall be mapped into another identity, as shown in Example 5.5 and Figure 5.6. Example 5.4  GPRS MS Identity: Mapping an NRI and TLLI into a P-TMSI Consider a P-TMSI of a GPRS mobile subscriber which is of 32 bits in length. The mapping and deriving of an NRI and a TLLI from a P-TMSI is shown in Figure 5.5. ●● NRI An NRI is mapped into the Bits 23rd to 14th of a P-TMSI. ●● TLLI The first two MSBs of a TLLI are set to 1’s. The Bits 29th to 0th of a TLLI is mapped into the corresponding bits of a P-TMSI. GPRS and UTRAN P-TMSI

LSB

31 30 29 28 27 26 25 24 23 22 21 20 19 18 17 16 15 14 … 0 Mapped To MSB 1

Mapped To

NRI

Figure 5.5  GPRS MS identity: mapping of an NRI and TLLI into a P-TMSI.

Mapped To Mapped To

1 29 28 27 26 25 24 23 22 21 20 19 18 17 16 15 14 … 0 TLLI

Example 5.5  UE Identity Mapping due to the Intersystem Change from GERAN/UTRAN to E-UTRAN Due to a UE’s intersystem changes from E-UTRAN/EPS to GERAN/UTRAN (UMTS) and vice versa, the new SGSN or new MME requires to retrieve the UE information from the old SGSN or old MME. Apart from this, identity mapping is also required at the UE end if it wishes to perform a mobility management procedure in the target system. Consider that an E-UTRAN capable UE leaves a GERAN/UTRAN coverage area and enters into an E-UTRAN area and wants to perform an EPS ATTACH mobility management procedure toward the LTE/EPC network. Also, assume that the UE does not have a valid GUTI at present. In this case, the UE maps the existing GERAN/ UTRAN domain identities into the E-UTRAN domain corresponding identities and sends those identities as EPS Mobile Identity in the Attach request message, along with the Old GUTI Type as “Mapped GUTI” to the MME. The GERAN/UTRAN network identities mappings to E-UTRAN network identities are shown in Table 5.1. Table 5.1    GERAN-UTRAN to E-UTRAN-EPC: identities mapping. GERAN-UTRAN

E-UTRAN-EPC

Mobile Country Code (MCC)

Mobile Network Code (MNC)

Mobile Network Code (MNC)

Mobile Network Code (MNC)

Location Area Code (LAC)

MME Group ID

Routing Area Code (RAC)

Bit 23rd to 16th of M-TMSI

8 Most Significant Bits of NRI

MME Code

29th to 24th bits of P-TMSI

29th to 24th bits of M-TMSI

15th to 0th bits of P-TMSI

15th to 0th bits of M-TMSI

Network Elements: Identities and Its Addressing

Figure 5.6 shows graphically the mapping of LTE/EPS M-TMSI from the GERAN/UTRAN P-TMSI. In the current intersystem change scenario, the visiting and new MME performs the reverse mapping of the identities shown in Table 5.1, and based on these, the new MME is able to contact the old SGSN to retrieve the UE information. LSB

E-UTRAN M-TMSI

Figure 5.6  Illustration: UE identities mapping: GERAN/UTRAN to E-UTRAN.

31 30 29 28 27 26 25 24 23 22 21 20 19 18 17 16 15 14 … 0 GERAN/UTRAN RAC MSB

Mapped To

Mapped To

30 31 29 28 27 26 25 24 23 22 21 20 19 18 17 16 15 14 … 0 GERAN, UTRAN P-TMSI

For a UE’s intersystem change from E-UTRAN to GERAN/UTRAN area, the procedure for identities mapping is almost the same. For more information, refer to TS 23.003 [30].

●●

LTE/EPS: Indication of Native and Mapped Identity

In the LTE/EPS, the CN elements are resolved and identified using their corresponding identity, i.e. GUTI for MME and P-TMSI/ Routing Area Identity (RAI) for the SGSN. These identities (GUTI and P-TMSI/RAI) used and assigned to a UE can be a native or mapped one. Native or mapped identity type or its nature is determined as follows: a) Explicit indication in the Attach request and tracking area update/routing area update request message from UE to MME /SGSN. b) Indication by setting the MSB of LAC and MME group Id. i)  MSB of MME Group = 1 when a native GUTI is used; MSB of MME Group = 0 when the GUTI is mapped from P-TMSI and RAC. ii)  MSB of LAC = 1 when P-TMSI/RAC is mapped from a GUTI; MSB of LAC = 0 when a native P-TMSI/RAC is used. We have discussed and illustrated only a few network identities in the preceding sections. In fact, mobile communications systems based on GSM, GPRS, UMTS, and LTE systems use numerous network identifiers across the protocol layers and interfaces. Refer to the corresponding 3GPP specification for the different network identities and their components. Later, Section 18.4.1 further describes some of the identities associated with the mobility management procedures of GSM, GPRS, LTE/EPS, and 5G systems.

5.7  ­LTE UE Application Protocol Identity In the LTE/EPC system, the eNodeB and the MME exchanges control plane protocol messages over the S1 logical interface. Similarly, the eNodeBs exchange control plane protocol messages over the X2 logical interface. For unique identification of a UE over the S1 interface, the eNodeB and MME assign the eNB UE S1AP ID and MME UE S1AP ID, respectively, during the initial registration request made by the UE to the CN. The eNodeB and the MME include these identities in all the application protocol (S1AP) signaling messages that are exchanged between them for the particular UE following its initial registration request message. For example, consider the LTE/EPS attach request message sent by the UE to MME. The eNodeB shall assign the eNB UE S1AP ID to identify the particular UE within the eNB and send it in the S1AP initialUEMessage to the MME. For more information on the definition of the initialUEMessage, refer to TS 36.413 [97].

75

76

Mobile Communications Systems Development

The MME will also allocate the MME UE S1AP ID to identify the particular UE within the MME. From this instance onward, both the eNodeB and the MME shall include the respective S1AP identities in all the application protocol S1AP messages, e.g. Uplink/Downlink NAS Transport, exchanged between them on behalf of the particular UE. Similarly, the eNodeB assigns the eNB UE X2AP ID to identify a UE over the X2 interface. This identity is included in the X2AP messages exchanged between two eNodeBs.

­Chapter Summary In this chapter, we have presented some of the network identities of network elements of communications networks from the GSM to the LTE system. Network identities are common as well as specific to a particular communications system. An operator may allocate network identities permanently to a network element. On the other hand, a network element can also generate network element identities and allocates temporarily to another network element at runtime. Such a network identity may address MSs/UEs over the air interface for granting, assigning, and releasing of shared radio resources by the particular RAN. This chapter discussed the usages, length, and the value range of some of the network identities. Network identities play a very important role in troubleshooting and resolving network services-related issues. During an inter-RAT movement of a user, a network identity in the target RAT can be derived from the identity used in the source RAT. A network identity may carry and be encoded with several individual information/­ components. Such individual component further provides network-related information or another network element identity. For more information on the network identities described in this chapter as well as other ­network identities and their structures, the reader may further refer to the references mentioned at the end of this book, especially the TS 23.003 [30].

77

6 Interworking and Interoperations of Mobile Communications Networks ­Introduction This chapter covers one of the most important functionalities, that is, interworking and interoperation, through which mobile communications networks provide seamless communications services to subscribers. Interworking facilitates an operator to provide various communication services to its subscribers within its home network. We begin with the basic interworking among the Global System for Mobile Communication (GSM), General Packet Radio Service (GPRS), Universal Mobile Telecommunication System (UMTS), and Long-Term Evolution (LTE)/ Evolved Packet System (EPS) networks and show how it can be realized within a home network using upgraded/ enhanced and legacy network elements. We then present the advanced interworking features through which an operator may provide voice call services to subscribers currently registered in an LTE/EPS network. Interworking between the LTE/EPS and the 5G system is also described briefly. Interoperations facilitate the operators to provide various communications services to their roaming subscribers when traveling outside of the home network. Interoperation works through the interworking of networks of the same or different operators. We present the interoperation cases for roaming subscribers through a visiting network that deploys either upgraded/enhanced or legacy network elements. We then close this chapter with the methods of routing roaming user data to the external network.

6.1  ­Requirements and Types of Interworking Figures 2.1–2.4, in Section 2.1, provide the basic and introductory architecture of the mobile communications networks based on the GSM (2nd generation), UMTS (3rd generation), and the LTE (4th generation) systems. These architectures may be deployed individually by an operator to provide voice and data communication ­services to different categories of subscribers. For example, a subscriber may like to avail and subscribe to GSM service only; another subscriber may like to avail and subscribe to both the voice and data services through the UMTS network. Similarly, a subscriber may like to avail and subscribe voice call service through a UMTS network and mobile broadband services through an LTE/EPS network only. The different types of services that can be availed by a subscriber also depend on the capability of the mobile device. Within the same operator, a mobile user that is currently registered in an LTE/EPS network may move to a different part of the same city having UMTS coverage only. In this case, the User Equipment (UE) will access and register with the UMTS network and ­continue ­providing the communication services to the subscriber. From the above examples, it appears that the mobile communications networks must have the capability and flexibility to provide communications services as per the mobilities and requirements of the subscribers are Mobile Communications Systems Development: A Practical Introduction to System Understanding, Implementation, and Deployment, First Edition. Rajib Taid. © 2021 John Wiley & Sons Ltd. Published 2021 by John Wiley & Sons Ltd.

78

Mobile Communications Systems Development

concerned. The UE/Mobile station (MS), access network, and circuit-switched (CS) and packet-switched (PS) domain core network elements of the GSM, GPRS, UMTS, and LTE networks provide such communications services through interworking among them. Interworking of a mobile communications network can take place with the following types of networks: ●●

●●

●●

Traditional Public Switched Telephone Network (PSTN), as shown in Figures 2.1 and 2.3, connecting the GSM and UMTS Release 99 network with the PSTN. External IP data network, e.g. Internet, as shown in Figures 2.2, 2.3, and 2.13, connecting the GPRS and UMTS Release 99 network with the Internet. Packet domain communications networks.

Interworking among the networks is realized through a particular logical interface that connects their gateway or anchoring network element. For example, in Figures 2.2 and 2.3, GPRS and UMTS PS core network is connected with the Internet through the Gi interface. Similarly, in Figure 2.4, the LTE/Evolved Packet Core (EPC) network is connected with the Internet through the SGi interface. In the next sections, we will discuss the interworking among the packet domain communications networks, i.e. LTE/EPS, GPRS, and UMTS networks. The interworking of these networks can be realized in the following ways: ●● ●●

Interworking through enhanced network elements Interworking through legacy network elements

6.2  ­Interworking Through Enhanced Network Elements It was mentioned in Section 2.3.2 that the legacy GPRS and UMTS PS core network element Serving GPRS Support Node (SGSN) exists in LTE/EPC network also. The SGSN is the central interworking network element for the LTE/EPC, GPRS, and UMTS PS domain core networks. Functionality wise, the LTE/EPC SGSN was upgraded to support interworking and mobility management capabilities between the LTE/EPC and GPRS/UMTS PS domain networks. This is in addition to the legacy functions that are performed by the SGSN for a GPRS and UMTS network. A scenario where the GSM, GPRS, UMTS, and LTE networks may be deployed by an operator through their interworking can be found in Figure 1(b) TS 23.002 [29]. In addition to the existing connections with the legacy GSM and UMTS network elements, the LTE/EPC SGSN also interconnects with the Mobility Management Entity (MME), Serving Gateway (S-GW) of an EPC network. Similarly, the S-GW is a centralized core network element for the interworking of user data/traffic between the LTE/EPC and the UMTS PS domain core networks. Figure 1(b) TS 23.002 [29] contains a basic interworking configuration where the voice call services may be provided through the GSM network (left side); voice and data services through the UMTS network (middle part); only data services through the LTE/EPS network (right side) during its initial rollout. This high-level interworking configuration may appear to be complex in the first place because of the numerous network elements that are interconnected through various logical interfaces as indicated by the bold and thin solid lines. Look at this figure from the UE/MS, in the bottom-up approach, toward the core network. Identify the access network and code network followed by the CS domain and PS domain network. From Figure 1(b) TS 23.002 [29], it is observed that the interworking among the GSM, GPRS, UMTS, and LTE/EPS networks is available at the core network level only, and no interworking is available at the radio access network level. To offer voice as well as data services through an LTE/EPS network only, the operator requires to deploy ­additional IP transport-based network components along with the EPC network shown in Figure  1(b) TS 23.002  [29]. On the other hand, an operator may choose to provide LTE/EPS data services only while it may

Interworking and Interoperations of Mobile Communications Networks

continue to provide a voice call through the legacy GSM, UMTS network. Such provision requires interworking capabilities among the networks and their components deployed by an operator. In the next sections, we will discuss the following interworking features that facilitate an LTE/Evolved-UMTS Terrestrial Radio Access Network (E-UTRAN) network registered UE and its user to make a voice call over an LTE/EPS network, in coexistence with the legacy GPRS Edge Radio Access Network (GERAN) and UMTS ­terrestrial radio access network (UTRAN). ●● ●● ●●

Voice-over IP Multimedia Subsystem (IMS) or voice-over LTE (VoLTE), Single Radio Voice Call Continuity (SRVCC), and Circuit-Switched Fallback (CSFB).

For these features to work, both the CS domain and PS domain core network elements, Mobile Switching Centre (MSC) and SGSN, are upgraded from its legacy networks, i.e. GSM/GPRS, UMTS. The network elements are upgraded in terms of new functions and procedures that are to be performed by the respective network element. The new functions and procedures are specified in the form of a new logical interface between two network elements. The dark dashed lines in the following illustrative figures show the existing, as well as the new logical interfaces for realizing a particular interworking feature through signaling or user traffic, flows between two network elements.

6.2.1  Interworking for Voice Call Through IMS: VoLTE To provide both the voice and data services to subscribers over an LTE/EPS, an IMS may be deployed and interworked through the SGi interface further with the LTE EPC network. The provision for providing voice services to subscribers over the LTE system and IMS is called the VoLTE. One such network deployment scenario providing VoLTE services is illustrated in Figure 6.1. Along with the LTE/EPS network and its IMS configuration, the handset must be also VoLTE capable to enable a user to make a voice call over an LTE network. A VoLTE-capable UE can work on different networks, i.e. GSM, UMTS, and LTE using different Radio Access Technologies (RATs).

GSM RAN

Figure 6.1  Illustration: LTE network and IMS interworking for VoLTE call.

BSC

Uu MS

MSC Gb

N PS Core Network IuPS

RNC

Uu

GMSC

SGSN

Gi

S3

S1

Gn GGSN

IMS

LTE EPC

S5

S-GW

L M

WWW

P

S1 MME

ENodeB

PSTN

N

…..

S12 S4 LTE E-UTRAN

ISUP

……...

IuCS

UMTS UTRAN

Um

P

GSM CS Core Network A

L SGi

P-GW

……...

M N

79

80

Mobile Communications Systems Development

As shown in the above interworking scenario, a voice call can be facilitated to a user through the legacy GSM, UMTS network, or LTE/EPS IMS. A UE indicates its preference for a voice call through the Voice domain preference and UE’s usage setting IE in the ATTACH Request message, TS 24.301 [46], TS 24.008 [45], that is sent to the core network during its initial registration of a UE. The same IE is also sent to the core network as part of the Routing Area Update (RAU) (GPRS, UMTS) and Tracking Area Update (TAU) (LTE/EPS) request to indicate its voice domain preference by a UE. An LTE UE that does not support the voice-over IMS feature will indicate the preference as the “CS voice only”. In such a case, the UE will use the CS fallback method of providing a voice call facility to a user. An LTE UE that support the voice-over IMS feature will indicate the preference as the “IMS PS voice only”. All these interworking possibilities of providing voice and data services depend on the capabilities of a UE and its usage setting, which is described in the next section. Below we briefly describe the IMS and its network elements that are interworked with an LTE/EPC to provide a VoLTE call facility to subscribers. 6.2.1.1  IP Multimedia Subsystem (IMS)

The IMS is the core network infrastructure backbone for offering common IP-based multimedia, e.g. audio, video, voice, and services to subscribers over an LTE/EPS IP transport network. The IMS contains the core network elements and interfaces, interconnecting them for routing of a VoLTE call either to a 2G/3G network or PSTN network or within an IMS network accordingly. The reference architecture, the network elements, and various interfaces of an IMS system are shown in Figure 6.2. For more information on this reference architecture, refer to TS 23.228 [36]. The IMS was standardized for mobile communications networks and was introduced as part of the 3rd Generation Partnership Project (3GPP) Release 5 architecture to provide voice calls along with other multimedia services. The main network elements of an IMS is the call session control function (CSCF) and the media gateway control function (MGCF). As shown in Figure 6.2, the CSCF performs several roles: Proxy CSCF, Interrogating CSCF, and Serving CSCF. ●●

Proxy-CSCF (P-CSCF)

IP Multimedia Networks Izi

CS Network

Mm

Ici, Mm

Mm

Mm

Legacy Mobile Signaling Networks

Ix IBCF Mx

TrGW CS

Mb Mb

CS

BGCF Mk

Mx

BGCF

IM MGW

MGCF Mn

Mb

MRB Mr

MRFP Mb Mb

ISC

Mp Mb

MRFC

AS

ISC Mx

Sh

Mw

Mg

Mj

Ma

I- CSCF

Mg

C, D, Gc, Gr

Cx

Mi

Cx

S-CSCF

Dh

Rc

Mw

Ut Dx Cr, Mr’

P-CSCF Gm

HSS

SLF

UE

IMS Subsystem

Figure 6.2  Reference architecture of an IMS. Source: © 2015. 3GPP ™ TSs and TRs are the property of ARIB, ATIS, CCSA, ETSI, TSDSI, TTA and TTC who jointly own the copyright in them. © 2015, 3GPP.

Interworking and Interoperations of Mobile Communications Networks

The information sent by a UE is received first at the P-CSCF and is forwarded to the I-CSCF. Interrogating CSCF (I-CSCF) I-CSCF contacts the Home Subscriber Server (HSS), and based on the response from the HSS, it forwards the call to the S-CSCF. ●●

Serving CSCF (S-CSCF) The S-CSCF handles the registration of UEs, maintains sessions, and performs routing functions.

●●

MGCF

The MGCF interconnects the IMS with PSTN or CS domain network element. For a mobile-terminated (MT) call, the MGCF contacts the I-CSCF. For more information on the above CSCFs, refer to TS 23.228 [36]. The signaling protocol that is used to exchange information between a UE and the IMS is known as the Session Initiation Protocol (SIP) which uses the IP transport network. IMS uses the SIP messages to perform various functions and procedures such as registration, call establishments and release, session management, authentication, security, and charging. Though the SIP messages exchanged between a UE and the IMS are signaling/control plane information in nature with respect to the IMS, they are treated as user plane data by the E-UTRAN and its core network. The real-time voice packets are transferred through other protocols called Real-Time Transport Protocol (RTP) and RTP Control Protocol (RTCP). For more information on the IMS, the reader is recommended to refer to TS 23.228 [36]. 6.2.1.2  UE Registration and Authentication

In a live network of an operator, once a UE is registered and authenticated by the LTE/EPC as part of the LTE/EPS ATTACH procedure, TS 24.301 [46], a VoLTE-capable UE is also required to register and authenticate itself with the IMS before it can start using IMS services. For these purposes, SIP signaling messages are exchanged between the UE and the IMS. Example 6.1 below describes and illustrates the flow of signaling messages, starting from registration to call establishment, conversation, and its completion, for a typical VoLTE call between two mobile devices over an IMS. Example 6.1  Illustration: UE Registration and VoLTE Call over IMS Let us consider a typical VoLTE call performed between two UEs: UE1 and UE2. To enable a VoLTE call, the UEs are required to be registered with both the LTE EPC and IMS for the allocation of the necessary resources, for example, EPS bearers with required Quality of Service (QoS). Several steps are involved in a VoLTE call over the IMS as described below: ●●

UE Registration with EPC and Allocation of Default Bearer with QoS Class Identifier (QCI) = 5

Figure 6.3 below illustrates the allocation of a default bearer to each UE as part of its ATTACH procedure requested to the core network. The allocated default bearer has the QCI = 5, Priority =1, refer to TS 23.203 [33], with nonguaranteed bit rate (NGBR) that is used to exchange IMS signaling messages between the UE and IMS. The dotted lines in Figure 6.3 indicate that some of the messages as part of the overall ATTACH procedure (which are exchanged between the UE and the EPC) are not shown in this figure. One such message is the Evolved Packet System Session Management (ESM) Information request, from EPC to UE, and its response, from UE to EPC. Using the ESM information response message, the UE provides the P-CSCF’s Access Point Name (APN) in the case of the IMS. ●●

UE Registration with IMS through Authentication

The UEs register with the IMS using the default bearer with QCI = 5 that was allocated during their registrations with EPC. To register with the IMS, a UE uses the SIP signaling message that is transferred as the user plane data over the LTE/EPS toward the IMS. P-CSCF is connected with the P-GW of the LTE/EPC. For a UE, the

81

82

Mobile Communications Systems Development

EPC

UE1

UE2

ATTACH REQUEST ………………………. ATTACH ACCEPT [Act. Def. EPS Bearer [… QCI = 5…]] ATTACH COMPLETE

ATTACH REQUEST ………………………. ATTACH ACCEPT [Act. Def. EPS Bearer [… QCI = 5…]] ATTACH COMPLETE

Figure 6.3  Allocation of default bearer with QCI = 5 for IMS signaling.

proxy CSCF is the entry and exit server in the IMS. A UE sends the APN of the P-CSCF server in the SIP: REGISTER message to the IMS. The UE sends its authentication response details in the REGISTER message again to the IMS following the 401: Unauthorized request message from the IMS; see Figure 6.4.

IMS UE1

LTE/EPC

UE2

Proxy CSCF

REGISTER UNAUTHORISED REGISTER OK REGISTER UNAUTHORISED REGISTER OK

Figure 6.4  Illustration: registration of UE in an IMS.

The end-to-end message flow for a typical registration of a UE in an IMS is - UE eNodeB S-GW PGW P-CSCF. Though not shown in Figure 6.4, once the P-CSCF receives the registration request from a UE, it is further processed by the I-CSCF, HSS, S-CSCF server and responds with the SIP: 200 OK messages to the registered UE. ●●

VoLTE Call over IMS

UEs that are EPC and IMS registered can establish a voice-over IMS to facilitate a voice call between two subscribers. The SIP signaling messages flows associated with a typical VoLTE call between two UEs – UE1 and UE2 – over IMS are illustrated in Figure 6.5. Only the P-CSFC is shown in the call flow below, though the I-CSCF and S-CSCF also take part in an IMS call. In Figure 6.5, the E-UTRAN and EPC/NAS-related signaling messages that are exchanged with the UEs are not shown for simplicity of the flows. The INVITE method carries the calling and called party’s number and is

Interworking and Interoperations of Mobile Communications Networks

used to establish a session between the two UEs. As shown in this figure, the EPS allocates a dedicated bearer with QCI = 1, Priority = 2, refer to TS 23.203 [33], with a guaranteed bit rate (GBR) over which the voice conversation takes place between the users. The establishment of a dedicated bearer for voice conversation purposes is intimated to the called UE through SIP:UPDATE method, following which it sends the SIP:RINGING status to the caller UE. Figure 6.5  Illustration: VoLTE call between IMS registered UEs.

IMS EPC

UE1

Proxy CSCF

UE2

INVITE […User: UE2…] Trying… INVITE […User: UE2…]

Session Progress Session Progress PRACK

PRACK OK

OK Activate Dedi. EPS Bearer with QCI = 1, Priority = 2 SIP: UPDATE Ringing PRACK ACK

SIP: UPDATE Ringing PRACK OK

OK ACK Voice Conversation started……

Bye

Call Ends

Bye OK

OK

The IMS for VoLTE described above will be also the foundation for the voice services over the 5G system with essential extensions added, as part of the 3GPP Release 15, over some of the existing logical interfaces, such as the Rx, Sh.

6.2.2  Interworking for VoLTE Call Through LTE/EPS: SRVCC The provision of a handover of an existing VoLTE call to a legacy GERAN or UTRAN system is known as the SRVCC (refer to TS 23.216 [35]) because of the single RAT capability of a UE at a given time only. Interworking through the SRVCC scenario is a bit similar to the one described in Section 6.2.1. However, there is a difference from the E-UTRAN UE capability point of view. SRVCC interworking scenario is suitable for an LTE UE having only one radio capability at a given time. Because of this, a VoLTE call over the IMS is required to be handed over to the legacy GERAN or UTRAN system for the continuation of the IMS voice call. The interworking of network elements, with IMS, for the SRVCC feature is illustrated in Figure 6.6.

83

84

Mobile Communications Systems Development

GSM RAN BSC

GSM CS Core Network ISUP MSC GMSC Server ……...

A Gb

IuCS

Um Uu

IuPS S12

MS Uu

Gn GGSN

Sv

S1

IMS

LTE EPC Net.

S3

LTE E-UTRAN

WWW

Gi

…..

S4

P

MME

L

ENodeB

S1

M N

UMTS PS Core Net.

SGSN

RNC

L PSTN

N

Sv

UMTS UTRAN

P

SGi

S5 P-GW

S-GW

M N

……...

Figure 6.6  Illustration: legacy and LTE network interworking for VoLTE call HO through SRVCC.

For the SRVCC capability to be realized, a new logical interface Sv, refer to TS 29.280 [71], is defined between the ●● ●●

MME and the MSC server and MME and SGSN, as shown above.

Figure  6.7 further illustrates the SRVCC HO of an LTE/EPS IMS voice call made by the VoLTE user A to a PSTN user B. In Figure 6.7, user A moved to a legacy 2G/3G coverage area. As the user moved away from the LTE coverage area and approaches a 2G/3G coverage area, the eNodeB detects a better signal level from the 2G/3G networks. UE sends the measurements reports to the eNodeB which in turn sends an SRVCC HO request to the MME. In Figure 6.7, the signaling and traffic paths are shown prior to and after the SRVCC HO. All the subsequent signaling and data communication takes place through the legacy network MSC server after the SRVCC HO is completed.

B

After SRVCC HO

2G/3G MSC Server

2G/3G

A

User A Moved from LTE to 2G/3G Coverage Area Triggering a SRVCC HO

LTE PSTN

IMS

P-GW

2G/3G

A

2G/3G

Figure 6.7  Illustration: VoLTE call HO through SRVCC feature.

Interworking and Interoperations of Mobile Communications Networks ●●

How does SRVCC work? –– Indication of Feature Support

An LTE UE indicates its SRVCC capability information through the class mark and network capability information sent along with the ATTACH Request message, refer to TS 24.301  [46], to the MME. MME indicates the SRVCC capability of a UE through the SRVCC operation possible IE in the INITIAL CONTEXT SETUP REQUEST MESSAGE, refer to TS 36.413 [97], to the eNodeB. MME may also request the SRVCC capability of a UE by sending the message UE Radio Capability Match Request (see Section 5.3.14 TS 23.401 [39]) to the UE through the eNodeB. Any subsequent changes in the SRVCC capability of a UE are also updated to the HSS by the MME. –– Initiation of Handover of LTE IMS Voice Call (VoLTE) SRVCC works by performing the handover of the ongoing VoLTE call as well as data session over IMS to the legacy GERAN/UTRAN network. Initiation of a handover operation works the same way as the normal handover procedure based on the signal-level measurement reports reported from the UE to the E-UTRAN. The source eNodeB sends the HANDOVER REQUIRED message, refer to TS 36.413 [97], to the MME with the SRVCC HO Indication IE for a handover of the existing VoLTE call. SRVCC HO Indication may be PS or PS and CS type. MME, in turn, initiates the SRVCC request to the MSC server. The MSC server prepares and executes the handover of the IMS voice call successfully. For further illustrations of the VoLTE call handover through the SRVCC method, refer to Figures 4.2.2-1 and 4.2.3-1, TS 23.216 [35]. –– Handover of PS Call/Data Session The handover of an ongoing PS call during an SRVCC procedure is performed as usual as per the normal interRAT handover procedures. For further illustrations of the inter-RAT handover procedures, refer to Section 5.2.2 TS 23.401 [39].

6.2.3  Interworking for Voice Call Through LTE/EPS: CSFB In this interworking scenario, the provision for making a voice call for a UE registered with an LTE network is facilitated through the reuse of the legacy GERAN/UTRAN. The provision for making a voice call by an LTE/EPS registered UE through the legacy GERAN/UTRAN is known as the CSFB method; refer to TS 23.272 [38]. One such illustration of the interworking of network elements for CSFB arrangement is shown in Figure 6.8. A CSFB feature may be used by: Figure 6.8  Illustration: legacy and LTE network interworking for CSFB.

GSM RAN

A

BSC

Gb

IuCS

N UMTS PS Core Net

UMTS UTRAN

Um Uu

GSM CS Core Network ISUP MSC GMSC Server ……...S

IuPS RNC

SGSN

…..

S12 S4

MS Uu

S3

LTE E-UTRAN

S1 S1 ENodeB

Gn GGSN

M N

. Gi

WWW

SGs LTE EPC P

MME S5

S-GW

PSTN

P L

L SGi P-GW

……...

M N

85

86

Mobile Communications Systems Development ●● ●●

An MO or MT LTE UE that does not have the voice-over IMS or VoLTE capability Other scenarios such as VoLTE-capable UE that fails to register in the IMS.

Unlike the interworking scenarios for VoLTE call as mentioned in Sections 6.2.1 and 6.2.2, no IMS is deployed and interworked as part of the LTE/EPS network with the CSFB arrangement. In this interworking scenario with CSFB arrangement, the LTE/EPS network provides only data services to subscribers. During a CSFB of a CS call, the ongoing PS session may be also transferred to the legacy network through PS HO procedure with reduced data rates. For the CSFB purpose, a new logical interface called SGs is configured between the MME and MSC/Visitor Location Register (VLR) to exchange signaling information only. The SGs logical interface also supports mobility management as well as MO/MT call establishment procedures. For more information on the CSFB, a protocol stack, and procedures supported over the SGs, refer to TS 23.272 [38] and TS 29.118 [68]. SGs interface uses the SCTP [17] layer and IP transport network. The SGs interface is similar to the GPRS/UMTS Gs interface that connects the SGSN and the MSC to provide CS domain services to MS engaged in a PS service. Example 6.2 below describes the status displayed by an LTE/EPS registered UE while making a voice call through the legacy GERAN/UTRAN using the CSFB method. ●●

How does a CSFB work? –– Indication of CSFB Feature Support

A UE indicates its CSFB feature support capability under the UE Network Capability Mandatory IE in the ATTACH Request message that is sent to the MME. The UE specifies the Attach Type as the combined EPS/IMSI Attach Request under the EPS attach type IE. A combined EPS/IMSI ATTACH Request from the UE enables the MME to update the UE location in the MSC/VLR end also over the SGs interface. Refer to TS 23.272 [38] for further details on the EMM procedures supported over the SGs interface. If the EPC network supports the CSFB feature, the same will be informed to the UE in the ATTACH ACCEPT, TS 24.301 [46], message through the IE Attach Result = combined EPS/IMSI attach and Additional update result optional IE. This IE will carry the value “CS Fallback not preferred” toward the UE, indicating that it can use the CSFB method to initiate a CS call through the legacy 2G/3G network. The same IE indicating the supporting of the CSFB feature can be also sent in a TAU ACCEPT message, TS 24.301 [46], from the MME to UE. –– Initiation of CS Call Through the CSFB Method by the UE An LTE UE initiates a CS call through the CSFB method by sending the EMM/NAS EXTENDED SERVICE REQUEST message to the MME. This message can be used to establish an MO or MT CS call through CSFB by indicating the same in the Service type mandatory IE; refer to Section 9.9.3.27, TS 24.301 [46]. Any existing Radio Resource Control (RRC) connection will be released by the E-UTRAN by sending the RRCConnectionRelease, TS36.331  [94], message to the UE with Example 6.2  CSFB: LTE UE Fall-back to CS domain for voice call Assume that a mobile user currently subscribes to a subscription plan consisting of LTE (4G) data along with voice call services provided by an operator. The UE will perform a combined attach, EPS as well as IMSI, procedure with the LTE/EPS network. Also, consider that the operator’s LTE/EPS network does not have the IMS facility currently to provide voice-over LTE services to subscribers. The UE may display the type of network, i.e. 4G, which is currently registered with, at the top corner of the handset. Whenever the user attempts to make a voice call or an incoming call arrives for the user, the UE will fall back to either 2G or 3G network which will be shown at the top corner of the handset. Once the voice call completes, the UE will return to and access the LTE/EPS network and registers with it again, showing the 4G status at the top corner of the handset.

Interworking and Interoperations of Mobile Communications Networks ●● ●●

“releaseCause = cs-FallbackHighPriority” for CS fallback to UTRAN or “releaseCause = other” for CS fallback to GERAN.

CSFB method works on the redirection concept where LTE UE is redirected to the target ARFCN of the legacy network. For redirection purposes, the RRCConnectionRelease message will also include the redirectedCarrierInfo IE containing the following information for CSFB: ●● ●●

RAT/RAN, i.e. GERAN, UTRAN, and E-UTRAN, to be redirected. Corresponding Carrier Frequency, also called ARFCN, to be used by the UE.

For the various options of RATs that are allowed for CSFB purposes, refer to TS 36.331 [94]. The UE tunes to the indicated carrier frequency/ARFCN of the legacy network. To make a CS voice call, UE will start exchanging normal air interface Layer 3 signaling messages with the network as illustrated earlier in Section 2.2.5. Example 6.3 below describes and illustrates the typical signaling messages flows during a mobile originated voice call made by an LTE/EPS registered UE through the legacy GERAN/UTRAN using the CSFB method.

Example 6.3  LTE Voice Call Through GSM Network and CSFB Feature Figure 6.9 illustrates the MO and MT voice CS call scenario made by LTE UEs currently registered in the LTE/ EPS network and shows only the important call flows from the CSFB point of view. The dotted line indicates the absence of the associated call flows, which are not shown in this figure. Assume that the MO UE is engaged in a PS session and the MT UE is currently in the idle condition shown by its current state ECM-IDLE. Note that notification for an incoming CS call to MT UE depends on its current state. If the MT UE is currently in the ●● ●●

ECM-IDLE state, MME notifies an incoming CS call by sending a paging message to the UE. ECM-CONNECTED state, then the MMM notifies an incoming CS call by sending a CS SERVICE NOTIFICATION message to it.

MSC server sends the paging request, SGsAP-PAGING-REQUEST, to the MME over the SGs interface. MME further sent the paging message toward the UE through the eNodeB. MO UE completes the MO CS call as per the normal procedures with the MSC server. MT UE sends a paging response to the MSC server and completes the MT CS call as per the normal procedures illustrated in Figure 2.8 earlier. Following this, both the UEs are connected in the legacy GSM network through CSFB arrangement and start voice/CS call conversations with each other. In this example, illustrated in Figure 6.9, assume that the MT UE disconnected the CS call first, followed by the MO UE. In this case, the GSM BSC instructs both the UEs to release the allocated channels by sending the Channel Release message. This message also contains the LTE EARFCN number, indicating the UEs that they should return to the LTE network. Because of this, both the UEs perform their TAU procedure toward the MME to inform their current location within the LTE/EPS network. In all of the air interface Layer 3 messages used for making a CS call in the legacy network, the flags CSMO, for the originating side, and CSMT, for the terminating side, are used and set accordingly to indicate to the receiving network element that the message is for CSFB purpose. These flags refer to TS 24.008 [45], are shown in Figure 6.9 illustration. Table 6.1 summarizes the network elements, their logical interfaces, and the related 3GPP TSs to support voice calls for LTE/EPS registered UE through the CSFB and SVRCC features.

87

88

Mobile Communications Systems Development

MO UE

ENodeB

MT UE

ECMCONNECTED

MME

BSC

MSC

ECM-IDLE

Extended Service Request [.Service Type = mobile originating CS fallback...] RRCConnectionRelease [..releaseCause = other..redirectedCarrierInfo = geran..Carrier Freq = XX..] …………………………………………………………………………………………… CM Service Request [CSMO = 1,,,] ……………………..MO CS CALL SETUP………………………………………..… SGsAP-PAGING-REQUEST Paging Paging RRC Connection Establishment Done Extended Service Request [.Service Type = mobile Terminating CS fall back...CSFB Response = 1] ………………………………………………………………………………. Paging Response [, CSMT=1] . ……MT CS CALL SETUP……..………….. ……….…CS Voice path Established and conversation gins……….. ………………………….CS Voice Calls connected…………………………… Channel Release [...Cell selection indicator after release of all TCH and SDCCH value part [.EARFCN = XX] Channel Release [Cell selection indicator after release of all TCH and SDCCH value part […EARFCN=XX...] TAU Tracking Area Update UE is registered with the EPS Network

Figure 6.9  Illustration: LTE voice call: MO-MT voice call through CSFB. Table 6.1  Interworking methods: network elements and their logical interfaces. Interworking Methods

Network Elements

Logical Interfaces

Related 3GPP TSs

CSFB

MME, MSC Server

SGs

23.272, 29.118, 36.413, 24.301, 23.401

SRVCC

MME, MSC Server SGSN, MSC Server

Sv

29.280, 23.401, 36.413

6.3  ­Interworking Through Legacy Network Elements Figure 1(b), TS 23.002 [29], presents a basic interworking of the GSM, UMTS, and LTE/EPS networks that can be deployed by an operator with entirely new and upgraded/enhanced legacy network elements, e.g. SGSN, MSC, and RNC. However, another operator may choose to interwork its LTE/EPC network with the legacy GSM, GPRS,

Interworking and Interoperations of Mobile Communications Networks

GERAN UTRAN

Gn/Gp SGSN Gn

S1-MME

Gr HSS S6a

MME

PCRF

Gn S11

Rx

Gx

S10 UE

E-UTRAN

PGW

SGW S1u

SGi

Operator's IP Service (e.g. IMS, PSS, etc.)

S5

Figure 6.10  Interworking of LTE/EPS with GERAN and UTRAN through legacy network elements. Source: © 2015. 3GPP ™ TSs and TRs are the property of ARIB, ATIS, CCSA, ETSI, TSDSI, TTA and TTC who jointly own the copyright in them. © 2015, 3GPP.

and UMTS core network elements, e.g. SGSN and MSC, only as its initial deployment. To realize successful interworking under such a scenario with legacy network elements, the EPC network elements will be required to support the necessary interfaces/protocols also that are used by the legacy core network elements, e.g. SGSN and MSC. One such interworking scenario is shown in Figure 6.10, reproduced from TS 23.401 [39]. In Figure 6.10, only the representative figure for the GERAN and UTRAN networks along with the legacy SGSN is shown. The Gn interface works on top of the GTP and is used by the legacy GPRS and UMTS SGSN to communicate with the GGSN of a GPRS and UMTS network. The LTE/EPC MME communicates with the legacy SGSN over the Gn interface. LTE/EPC S-GW also interfaces with the legacy SGSN through the Gn interface. The EPC HSS communicates with the SGSN through the existing Gr interface that works on top of the SS7 signaling protocols. On the other hand, the HSS communicates with the MME through the S6a interface that works on top of IP transport.

6.4  ­Interworking Between LTE/EPS and 5G Systems In the previous section, interworking among the legacy systems has been described. To support seamless mobile communications services to subscribers during the inter-system movement, the 5G system also provides interworking capabilities to operators. However, the 5G system supports interworking with the LTE/EPS only. For interworking between the 5G system and the LTE/EPS, the 3GPP defines a new inter core networks logical interface called N26 between the Access and Management Function (AMF) in 5G core network and the MME in the LTE/EPC network. It may be noted that interworking between the LTE/EPS and the 5G system can also take place without the presence of the N26  interface. Further, depending on the availability of the N26  interface between the 5GC/AMF and LTE/EPS MME for interworking between them, a UE can operate in one of the following modes: ●●

●●

Single Registration Mode, where the N26  logical interface is available between the 5GC/AMF and LTE/ EPS MME. Dual Registration Mode, where the N26  logical interface is not available between the 5GC/AMF and LTE/ EPS MME.

Interworking between the 5G and the LTE/EPS with or without the N26 logical interface shall be described later in Chapter 16.

89

90

Mobile Communications Systems Development

6.5  ­Interoperations of Networks: LTE/EPS Roaming The roaming capability of a mobile communications network makes it possible to offer seamless voice and data services by a network operator to its subscribers while traveling outside of their home network and location and enter into a network that is run by the same or different operator in a different location. Roaming services are delivered to subscribers through the interoperation of networks operated by the same or another operator. Interoperation, in turn, is achieved through the interworking of network elements and interfaces as described in the previous sections. In the previous Sections 6.2 and 6.3, we have presented the interworking of the GSM, GPRS UMTS, and LTE/ EPS networks, through the enhanced as well as legacy network elements, run by an operator. In this section, we further present the interoperations and interworking of mobile communications networks operated by different operators in different regions to provide roaming services to subscribers. A mobile communications network operated by an operator to provide communications services in a particular area/location is known as the Public Land Mobile Network (PLMN). A PLMN is uniquely identified, also see Section 5.2, by the combination of an MCC and MNC of an operator. Within a PLMN, an operator may provide both the voice (CS) and data services to subscribers. The PLMN in which an MS/UE is currently subscribed and registered in an LTE/EPS network is known as the home PLMN (HPLMN). The PLMN of either the same or different operator in which an MS/ UE is currently roaming into and accessed the visited LTE/EPS network is known as the visiting PLMN (VPLMN).

6.5.1  Roaming Through Interoperations of Enhanced Networks Elements In this interoperation and roaming scenario, the enhanced network elements for the LTE/EPS network are deployed both in the HPLMN and the VPLMN. There are two ways to transfer user data between the UE and the Internet in case of roaming between two different PLMNs with the enhanced network elements. To enable such roaming scenarios, new logical interfaces are used to interconnect among the network elements as described below: ●●

Routing of User Data by the HPLMN

In this interoperation arrangement, Figure 6.11, the roaming user data is routed from the VPLMN’s S-GW back to the HPLMN packet data network (PGW) gateway. This means that a roaming user has access to the HPLMN’s services and resources from the VPLMN. Figure 6.11  LTE/EPS Roaming: routing of user data by the HPLMN for roaming user.

HPLMN MME

SGW WWW

UE

P-GW

HSS

eNodeB

EPC S6a

VPLMN S8

MME

……

WWW

UE eNodeB

P-GW

SGW EPC

Interworking and Interoperations of Mobile Communications Networks

To route the roaming user traffic by the HPLMN, the VPLMN S-GW and the HPLMN PGW are interconnected through the S8 logical interface as shown in Figure 6.11. S8 interface uses the GTP to tunnel user data from the VPLMN S-GW to HPLMN PDN. Apart from this, the HSS of the HPLMN and the MME of the VPLMN are ­interconnected through the S6a interface through which the UE’s current location and also the subscriber’s ­information are exchanged between them. In Figure 6.11, the thin dashed line represents the boundary that separates the HPLMN and the VPLMN. The arrow represents that the UE has left its HPLMN and registered with the VPLMN. ●●

Routing of User Data by the VPLMN

In this interoperation arrangement, Figure 6.12, the roaming user data is routed by the VPLMN PGW gateway to the external PGW. Unlike the previous scenario, Figure 6.11, no user data is routed back from the VPLMN to the HPLMN. Because of this, it is also known as the local breakout, refer to TS 23.401 [39], roaming scenario. Also, the Policy and Charging Rules Function (PCRF) deployed at the HPLMN and VPLMN requires to exchange of subscriber and policy control-related information between them over the S9 interface. The PCRF is the centralized policy and charging-related control network element that is part of the LTE/EPC; refer to Figure  1(b) TS 23.002  [29]. PCRF works based on the subscription information of a user and supports both the roaming and nonroaming users. PCRF meets the charging requirement of different categories of subscribers, for example, volumebased, time-based charging. PCRF may deny the information flow of a subscriber based on its subscription profile. For a roaming user whose traffic is routed by the VPLMN, the UE has two associations with both the home PCRF (HPCRF) and visited PCRF (VPCRF). HPCRF and VPCRF exchange policy and charging-related information for a particular subscriber and its profile. PCRF has a couple of logical interfaces toward other servers/ nodes to perform various functions and requirements. Typical functions include the charging, policy ­enforcement, QoS control, usages monitoring, user traffic congestion detection, and mitigation at the radio access network level. For more information on PCRF, its reference architecture, and logical interfaces, refer to TS 23.203 [33].

Figure 6.12  LTE/EPS Roaming: routing of user data by the VPLMN for roaming user.

HPLMN MME

SGW

P-GW

WWW

………

UE

HPCRF

HSS

eNodeB

S9 S6a

EPC

VPLMN MME

VPCRF ………

UE eNodeB

P-GW

SGW EPC

WWW

91

92

Mobile Communications Systems Development

GERAN

Gr

UTRAN

Gn/Gp SGSN

HSS S6a

Gn S1-MME

vPLMN hPLMN

MME

PCRF

Gp S10

Rx

Gx

S11

SGi UE

E-UTRAN

PGW

SGW S1u

Operator's IP Services (e.g. IMS, PSS etc.)

S8

Figure 6.13  Roaming through interoperation of legacy network elements. Source: © 2015. 3GPP ™ TSs and TRs are the property of ARIB, ATIS, CCSA, ETSI, TSDSI, TTA and TTC who jointly own the copyright in them. © 2015, 3GPP.

6.5.2  Roaming Through Interoperations of Legacy Networks Elements This interoperation arrangement, Figure  6.13, which is reproduced from TS 23.401  [39], is similar to the one shown in Figure 6.11, except that the legacy GPRS and UMTS SGSN with the Gn interface capability are deployed by the VPLMN operator. Also, both the VPLMN SGSN and the HPLMN PGW are connected through the Gp interface. The roaming user data is routed from the VPLMN S-GW back to the HPLMN PGW gateway, i.e. a roaming user has access to the HPLMNs services and resources from the VPLMN. The VPLMN S-GW and the HPLMN PGW are interconnected through the same S8 logical interface; refer to TS 23.401 [39].

6.6  ­UE Mode of Operation In the previous sections, we have described the interworking scenarios that allow the coexistence of the legacy GSM, GPRS, UMTS with the LTE/EPS, and IMS networks. Interworking and interoperations provide communications services within a PLMN or between PLMNs for roaming users. The ability to provide a particular communications service to a subscriber through interworking and interoperations of networks depends on the capability, e.g. multiple radio access technologies (RAT), of a particular UE/MS and its network configurations. Based on its capabilities, a UE/MS may operate in a particular mode or more than one mode at a time. ●●

Mode of operations

Table 6.2 summarizes the mode of operations that an MS/UE can operate within the GPRS, UMTS, and LTE/ EPS systems. For more details on the individual mode of operation, refer to TS 24.301 [46] and TS 23.060 [31]. A mode of operation determines the availability of types of services, i.e. CS or PS, to a UE. The capabilities of an MS/UE are specified in terms of its ability to provide either the CS service or PS service at a time only or both the types of services at the same time to a subscriber. For these purposes, an MS/UE should be able to register itself with the CS domain and PS domain core networks simultaneously. In addition to this, for an E-UTRAN UE, it should also support multiple RATs to provide communication services through the legacy networks in case the IMS is not available/interfaced with LTE/EPC. UE mode of operations in the case of the 5G system has been described briefly in Section 6.4. ●●

How an MS/UE provides its mode of operation to the CN: Domain Preference

To facilitate voice or data services to a subscriber in a GPRS/UMTS and LTE/EPS network, an MS/UE provides its mode of operation preference under the Attach Type IE in the ATTACH Request message, TS 24.301 [46], TS

Interworking and Interoperations of Mobile Communications Networks

Table 6.2  GPRS, UMTS, and LTE UE mode of operation.

System

MS/UE Mode of Operation

Purposes

GPRS

Class A

MS registered with CS and PS domains, for voice and data services at the same time.

Class B

MS registered with CS and PS domains. Either voice or data service is possible at a time.

Class C

MS registered with PS domain only, for data service is possible.

CS/PS Mode

Similar to GPRS Class-A mode.

PS Mode

Similar to GPRS Class-C mode.

CS Mode

UE registered with CS domain only, for voice service.

PS Mode 1

UE registered with the EPS network only. UE’s usage is a voice-centric service only.

PS Mode 2

UE registered with the EPS network only. UE’s usage is a data-centric service only.

CS/PS Mode 1

UE registered with EPS and CS domain legacy networks for EPS and non-EPS services. UE’s usage is voice-centric service only.

CS/PS Mode 2

UE registered with EPS and CS domain legacy networks for EPS and non-EPS services. UE’s usage is data-centric service only.

UMTS

LTE

24.008 [45], that is sent to the core network. In a GPRS/UMTS and LTE/EPS network, the MS/UE sets the Attach Type IE to GPRS Attach and EPS Attach only to enable the PS services only. Similarly, in a GPRS/UMTS and LTE/ EPS network, the MS/UE sets the Attach Type IE to Combined GPRS/IMSI attach and Combined EPS/IMSI attach to enable both the voice and data services to a user. A UE ATTACH Request contains an optional IE: Voice domain preference and UE’s usage setting, refer to TS 24.301 [46], TS 24.008 [45], using which a UE can provide additional information on its corresponding mode of operation to the core network. Using the optional IE: Voice domain preference and UE’s usage setting, an E-UTRAN UE indicates its CSFB (to the legacy 2G or 3G network for a voice call) capability in case the network or the UE does not support VoLTE call or the UE fails to registers with the IMS. Note: Till the TS 24.008 [45] 9.1.0 version, the CSFB capability of a UTRAN UE was indicated within the MS Network Capability mandatory IE in the UE ATTACH Request message to the GPRS core network. However, from TS 24.008 9.2.0 version onwards, the CSFB capability information is conveyed to the GPRS core network through the Voice domain preference and UE’s usage setting optional IE only. This IE is also used by an E-UTRAN UE to convey its CSFB capability information in the ATTACH Request message to the LTE/EPC. CSFB capability information is no longer part of the MS Network Capability IE.

●●

E-UTRAN UE Mode of Operations and Their Transitions

In this paragraph, the mode of operation of an E-UTRAN UE, as mentioned in Table 6.2, is further described. An E-UTRAN UE registered with an LTE/EPS network for EPS only services is said to be operating in PS mode. An E-UTRAN UE registered with LTE/EPS and legacy GSM/UMTS network for EPS and non-EPS, i.e. voice, SMS, services are said to be operating in CS/PS mode. In addition to this, an E-UTRAN UE may be required to switch between the PS and CS/PS modes of operation, and vice versa, because of various reasons that take place at the network level at runtime without the user’s notice. Some of the typical reasons are as follows: –– Unavailability of CSFB feature, –– Unavailability of IMS, –– Changes in preferences, network operations,

93

94

Mobile Communications Systems Development

–– Roaming, and –– Failure to register with an IMS. An E-UTRAN UE may be also required to switch between the PS and CS/PS mode of operations, and vice versa, because of a user action. For example, consider that a VoLTE-capable UE is registered with the LTE/EPC and IMS. The user has turned off the VoLTE preference in the handset, making the UE unable to facilitate voice-over IMS to the user. In such a case, the UE is required to register with the CS domain core network so that it can fall back to the legacy network to facilitate voice calls to the user. As a result of the transition from the PS to CS/PS mode of operations, and vice versa, a UE requires to perform protocol-related procedures so that it can stay updated with the core network with its current location information and continue enabling seamless voice and data services to a user. Examples 6.4 and 6.5 below highlight the information passed by a UE as part of its signaling messages to the LTE/EPC network based on the UE mode of operations described above. Example 6.4  UE usage setting and voice domain preference during LTE/EPS Attach Procedure During the initial rollout of an LTE/EPS network, an operator may not have the IMS to offer its VoLTE services to subscribers. In such a scenario, the operator will be required to provide voice services to subscribers through the existing legacy GSM/UMTS network. The arrangement of providing voice service to an E-UTRAN UE and its user is known as the CSFB method, as described earlier in Section 6.2.3, creating a UE context between the MME and the MSC over SGs interface. In this interworking scenario, the E-UTRAN UE will send the following information during its initial registration, through the ATTACH Request procedure, with the LTE/EPC. ●●

UE to EPC (ATTACH Request) –– Attach Type = Combined EPS/IMSI Attach –– UE Usage Setting = Voice Centric –– Voice domain preference = CS Voice Only

The above UE Usage Setting and the voice domain preference information may also be sent by a UE if it is not VoLTE capable or fails to register with the IMS. The LTE/EPC will send the following information as part of the ATTACH ACCEPT message to the UE: ●●

EPC to UE (ATTACH Accept) –– EPS Attach Result = combined EPS/IMSI attach –– Additional Update Result = CS fallback not preferred

Example 6.5  UE usage setting and voice domain preference during LTE/EPS Attach Procedure with IMS For a VoLTE only capable E-UTRAN UE and LTE/EPC with IMS capability, the UE will send the following information during its initial registration, through the ATTACH Request message, procedure with the EPC: ●●

UE to EPC (ATTACH Request) –– UE Usage Setting = Data-Centric –– Voice domain preference = IMS Voice Only The LTE/EPC will send the following information as part of the ATTACH ACCEPT message to the UE:

●●

EPC to UE (ATTACH Accept) –– EPS Attach Result = EPS Only –– EPS network feature support = IMS voice-over PS session in S1 mode supported

For more details on the UE mode of operations, its usages, voice domain preference, and the tasks performed in each transition, refer to TS 24.301 [46].

Interworking and Interoperations of Mobile Communications Networks

6.7  ­Function of E-UTRAN in a VoLTE Call The nature of VoLTE traffic is different from normal IP/data traffic. The IP packets size of a VoLTE traffic is small and is predictable, whereas the IP packets of normal data services are larger than voice packets, busty in nature, and may be downloaded or uploaded quickly. After normal IP packets transfer, radio resources allocated to the UE may be released by the eNodeB. The allocation and releasing of radio resources between UEs and the eNodeB for normal IP traffic is dynamic in nature and involves signaling overhead over the LTE air interface. Unlike normal IP traffic, the data rate of voice packets of a VoLTE call is low and remains the same throughout the conversation. Thus, the same radio resources may be allocated semi-statically for the entire duration of the session, and no additional radio resources are required to be allocated dynamically by the eNodeB. Because of this, a semi-static allocation of radio resources reduces the signaling overhead between the UE and eNodeB. In addition to this, the UE is also not required to monitor the downlink Physical Downlink Control Channel (PDCCH) for additional resources. During a voice call, only one party talks at a time while the other party listens. To support all the above aspects of a VoLTE call over an IMS, the following functionalities are required to be made available and enabled in the E-UTRAN (UE and eNodeB) for rich user experience and an optimum allocation and usages of radio resources over the LTE air interface. ●●

●●

●● ●●

Semi-Persistent Scheduling, for allocation of semi-static radio resources to a UE, thus reducing signaling and scheduling overhead between UE and eNodeB. Discontinuous Reception (DRX), to lengthen the battery life of UE that does not require to monitor the PDCCH continuously. Robust header Compression, for reducing the IP Header size for voice traffic. Transmission Time Interval (TTI) bundling, enabling a UE, located at the cell edge, to transmit in UL in four subframes in a row. TTI bundling increases the possibility of receiving of time-sensitive voice traffic packets successfully from UE to eNodeB. TTI bundling avoids the retransmission requirements that would, otherwise, involve signaling overhead and cause a delay in receiving voice packets from UE to eNodeB, resulting in poor user experience.

Support of all of the above functionalities is implemented at the LTE/E-UTRAN air interface Layer 2 Medium Access Control (MAC) protocol. For more information on these functionalities toward a VoLTE call, refer to TS 36.321  [93]. The related MAC layer parameters for a VoLTE call are configured by the RRC layer of the E-UTRAN. Apart from the MAC Layer, the Radio Link Control (RLC) layer also facilitates acknowledged mode (AM), for SIP signaling, an unacknowledged mode (UM), transfer functions for voice traffic.

­Chapter Summary This chapter presented the seamless mobile communications services provided by operators to their subscribers through the interworking and interoperations of mobile communications networks operated by them. Interoperations among the networks are important to offer communication services to roaming users. Interworking and interoperations between two network elements or different networks are established by introducing new logical interfaces that connect enhanced or upgraded network elements. Core network elements, e.g. MSC, SGSN, and MME, are upgraded to support additional interworking functions in an LTE/EPS network. This chapter also presented the UE mode of operations that enables a user to make a voice call over a legacy as well as an LTE/EPS network. UE mode of operations is important to achieve the interworking of mobile communications networks. The interworking features, i.e. CSFB and SRVCC, may be deployed as the separately licensed feature on top of an existing network. We then presented the routing methods, either through the home network or visited network, available to route the roaming user data to an external packet network. We closed this chapter with the functions that are required to be performed from the E-UTRAN point of view to support VoLTE calls over IMS.

95

97

7 Load Balancing and Network Sharing ­Introduction One important objective and function of a mobile communications network is to ensure communication services to subscribers round the clock. One way to achieve this is by eliminating the possibility of a single point of failure of core network elements. For these purposes, the core network elements of an operator can be configured in a pool that serves the newly registered subscribers in an equally loaded manner and provides communications ­services in a load balancing way. Since the beginning of the Global System for Mobile Communication (GSM), the GPRS Edge Radio Access Network (GERAN) system, the radio access network (RAN) of a mobile communications network was operated and owned by an operator in a particular area. The cost of owning and operational expenditures of dedicated networks is high for an operator; at the same time, its service coverage area is also limited. To reduce the cost of owning required network infrastructures and increase the service coverages, an operator may come into an agreement on the sharing of the RAN or core network of another network operator and provide its own communications services through the shared networks. This chapter presents the load balancing and RAN sharing features that are described in 3rd Generation Partnership Project (3GPP) specifications. These are the optional features that an operator may choose to deploy in an existing GSM, Universal Mobile Telecommunication System (UMTS), Long‐Term Evolution (LTE)/Evolved Packet System (EPS), or 5G network.

7.1 ­Core Network Elements Load Balancing In a typical deployment of a mobile communications network run by a particular operator, i.e. Public Land Mobile Network (PLMN), one RAN element, i.e. a base station controller (BSC), a Radio Network Controller (RNC), or an eNodeB or a 5G Next‐Generation Radio Access Network (NG‐RAN), is connected to default or single‐core network element, i.e. Mobile Switching Center (MSC), Serving GPRS Support Node (SGSN), Mobility Management Entity (MME)/Serving Gateway (S‐GW), or 5G core Access and Mobility Management Function (AMF). Such a deployment scenario of a core network element may not ensure the availability of its services all the time and may result in service outages. To avoid a single point of failure for both the control and user plane layers of the core network point of view, a redundant and active core network element may be also configured. In such a network configuration, a RAN element is connected to more than one core network element that serves in parallel. See Figure 7.1 for an illustration, which is reproduced from TS 36.410 [96]. It shows the connection of an LTE Evolved‐UMTS Terrestrial Radio Access Network (E‐UTRAN) eNodeBs to respective multiple Evolved Packet Core (EPC) core network elements. In case one MME or S‐GW goes down the other, one shall continue to provide mobile communications services. Mobile Communications Systems Development: A Practical Introduction to System Understanding, Implementation, and Deployment, First Edition. Rajib Taid. © 2021 John Wiley & Sons Ltd. Published 2021 by John Wiley & Sons Ltd.

98

Mobile Communications Systems Development

EUTRAN

EPC “S1-MME” MME MME

eNode B

S-GTW

eNode B

S-GTW

“S1-U”

Figure 7.1  LTE/E‐UTRAN eNodeB connected to multiple core network (CN) element. Source: © 2012. 3GPP ™ TSs and TRs are the property of ARIB, ATIS, CCSA, ETSI, TSDSI, TTA and TTC who jointly own the copyright in them. © 2012, 3GPP.

Multiple MME/S‐GW may be configured to form an MME/S‐GW pool. In case one MME/S‐GW goes down the other, one will continue to provide mobile communications services to subscribers. Similarly, a GSM BSC may be connected to more than one MSC in the Circuit‐switched (CS) domain or SGSN in the General Packet Radio Service (GPRS) Packet‐Switched (PS) domain. The MSCs form the MSC pool area, and the SGSNs form the SGSN pool area. In the 5G system and network also, an NG‐RAN may be connected to more than one core network element, as illustrated in Figure 7.2. The AMF network function element performs the mobility management only‐related functions, similar to the LTE/EPS MME, of a 5G network. As illustrated, a set of AMFs forms an AMF set that serves a particular service area or AMF set area. A set of AMF set forms an AMF region. On behalf of a User Equipment (UE), the NG‐RAN selects an AMF set and an AMF within the set using the identity, i.e. 5G S‐ Temporary Mobile Subscription Identifier (5G‐S‐TMSI) or Globally Unique AMF ID (GUAMI), provided by the UE. These network element identities used in the 5G system shall be described later in Chapter 16. In general, the RAN element, i.e. the BSC or RNC or the eNodeB or NG‐RAN, selects and assigns an appropriate core network element, i.e. MSC or SGSN or MME or AMF during an initial mobile station (MS)/UE registration procedure with the core network. The selection procedure of a core network element is also called as the AMF Region AMF Set 1 AMF Pointer

AMF1 (5G-TMSI)

AMF2 (5G-TMSI)

AMF Set n

AMFn (5G-TMSI) Area n

Area 1 5G Core Network

gNB

5G NG-RAN

Figure 7.2  Illustration: 5G NG‐RAN connected to multiple AMF sets.

Load Balancing and Network Sharing

Non‐access Stratum (NAS) Node Selection Function (NNSF). Based on the capacity or weight factor, which is an Operation and Maintenance (O&M) configurable, of the individual core network element, an NNSF selects an appropriate core network element from the available pool or set. The NNSF procedure that is performed by the RAN element is implementation dependent. A typical NNSF is described in Section 7.1.2. Prior to that, the method of deriving the identity of a core network element, i.e. MSC, SGSN, or MME/S‐GW only, is described in Section 7.1.1. Further, a RAN node connection to multiple core network elements may be an optional and separately licensed feature.

7.1.1  Identification of NAS Node: NRI and Its Source As part of a UE/MS registration procedure with the core network, a temporary identity is assigned to the UE/MS by the concerned core network element. In the GSM system, the MSC assigns a TMSI to an MS; in the GPRS and UMTS system, the SGSN assigns a P‐TMSI to an MS. In the LTE/EPS system, the MME assigns a Globally Unique Temporary Identifier (GUTI) to a UE that consists of its unique MME code within an MME pool. The TMSI, P‐TMSI, and GUTI were described earlier in Chapter 5. In fact, a Network Resource Identifier (NRI) is derived from its corresponding temporary identity. Table 7.1 lists the NRI and its corresponding source in a GSM, GPRS/UMTS, and LTE/EPS network. An NRI enables the RAN element to forward the user traffic to the correct core network element. The mapping of an NRI into a P‐TMSI was illustrated earlier in Chapter 5. As shown in Table 7.1, in the case of the UMTS system, the NRI corresponds to the Intra Domain NAS Node Selector (IDNNS), which can be derived from the TMSI, International Mobile Subscriber Identity (IMSI), or International Mobile Equipment Identity (IMEI). The IDNNS is provided by the UMTS UE in the INITIAL DIRECT TRANSFER message to the UTRAN to transfer a NAS layer message to the concerned UMTS core network node. In case an E‐UTRAN UE moves to a UTRAN/ GERAN area, then the MME code is assigned to the 8‐Most Significant Bits (MSBs) of the GERAN NRI. Similarly, in case a GERAN UE moves to an E‐UTRAN area, then the 8‐MSBs of an NRI is assigned to the MME code. Further, the RAN, i.e. BSC or RNC or the eNodeB, requires maintaining a database of mapping an NRI and its corresponding NAS node, i.e. MSC or SGSN or MME/S‐GW to route a UE/MS uplink traffic. Table 7.1  NRI and its source identifier. System

CN Indicator

Source

Lengths

GSM

NRI

TMSI

10‐bits

GPRS

NRI

P‐TMSI

10‐bits

UMTS

NRI

IDNNS

10‐bits

LTE/EPS

NRI

MME code

8‐bits

7.1.2  NAS Node Selection Function As illustrated in Figures 7.1 and 7.2, a RAN element, e.g. eNodeB, can be connected to respective multiple core network elements. A RAN selects and assigns a core network element, i.e. MSC, SGSN, MME, or AMF, to a UE/MS during its registration process with the core network. For the selection and allocation of a concerned core network element by the RAN, a simple round‐robin or weighted round‐robin (WRR) procedure may be used. The weight or capacity of a core network element, i.e. MSC, SGSN, MME, or 5G core AMF, in terms of the ­processing/serving capacity of MS/UE is O&M configurable. For these purposes, the concerned core network

99

100

Mobile Communications Systems Development

element provides its weight information to the RAN over the respective core network interface. In the case of LTE/EPS, it is the MME that provides its UE serving capacity information to the E‐UTRAN. In the case of the 5G system, it is the 5G core AMF that provides its UE serving capacity information to the NG‐RAN. In the case of GPRS or UMTS, it is the SGSN that provides its capacity information in terms of signaling weight or data weight to the BSC. Once a mobile device registers with a particular core network element, say the MSC or SGSN or MME or AMF, subsequent uplink traffic is routed to that particular network element only. If the RAN node, say the BSC, cannot find a core network element based on the NRI value, the RAN may drop the user traffic instead of forwarding it to the core network. NNSF for the selection of a core network element or node from a pool of MSCs or SGSNs or MMEs or AMFs is important as it allocates and distributes MSs/UEs in a load balancing way, in proportion to the individually assigned weight factor, among the pooled core network nodes/elements. An NNSF works based on the weight/ capacity information as configured by the O&M operator for each core network element. An NNSF is illustrated in Figure 7.3 in the case of an LTE/EPS network. ●●

NAS Node Selection Using WRR Procedure

Let us consider the selection and allocation of an MME to its UEs from an MME pool by the eNodeB. The maximum number of MMEs in an MME pool is 256; refer to TS 36.413 [97]. Each MME is assigned a unique MME code (MMEC). The MME provides its processing capability, in terms of the number of serving UEs, through the Relative MME Capacity IE in the S1 Setup Response to the eNodeB; refer to TS 36.413 [97]. The value of the Relative MME Capacity ranges from 0 to 255. During the runtime, if the capability or weight of an MME changes due to the O&M intervention, the new capability is conveyed to the eNodeB through the MME CONFIGURATION UPDATE message. Note that the capability/weight assigned by the O&M operator is a relative one with respect to the other MMEs in the pool. To select and allocate an MME from a pool in a load balancing way, the relative capability/weight of an MME may be normalized, say in the range of 0–255. This can be further considered as the granularity or scale factor for allocating several UEs proportionally to an MME. Using the granularity of 255 and the relative weights of MMEs, in terms of the actual number of UEs to be served by an MME can be calculated. NAS Node selection and allocation using the WRR method is illustrated with an Example 7.1 and Figure 7.3.

Core Network Domain Weight = 20

Access Network Domain

UE UE

UE

Weight = 20 UE

MME 1 NRI = 1

UE

MME 2 NRI = 2

UEs

UE MME 3 Weight = 30 eNodeB

UEs

NRI = 3

UE MME Pool UE

UE

Logical Interface

Figure 7.3  Illustration: typical MME selection and allocation to UEs using WRR method.

Load Balancing and Network Sharing

Example 7.1  Typical LTE/EPC MME Selection and Allocation for Load Balancing Using the WRR Method Figure 7.3 illustrates the connection of an eNodeB to three MMEs in an LTE/EPS. Assume that the MME 1 has NRI = 1 and relative weight = 20, MME 2 has NRI = 2 and relative weight = 20, and MME 3 has NRI = 3 and relative weight = 30, as illustrated in the MME pool shown in Figure 7.3. It is assumed that MME 3 is the high‐capacity MME. The normalized weight in terms of the number of actual UEs to be assigned to the respective MME may be calculated as follows: Normalized Weight of MME

Relative Capacity of an MME * Granularity

Sum of Weight of MME 1

N

Normalized Weight of MME1 (20 * 255) / (20 20 30) 73 Normalized Weight of MME2 (20 * 255) / (20 20 30) 73 Normalized Weight of MME3 (30 * 255) / (20 20 30) 109 From the above typical illustration, it is observed that the MMEs are assigned with the relative weight/ capability in the proportion and ratio of 20 : 20 : 30. Now, using the WRR method, ●● ●●

MME 1 and MME 2 can be assigned to serve 73 UEs each in actual and MME 3 can be assigned to serve 109 UEs in actual.

The allocation and distribution of MMEs in the pool using the WRR method, with the granularity of 255 UEs, is illustrated in Table 7.2 below. This table shows the ideal distribution, and hence achieving load balancing, of the number of 255 UEs served by the respective MME based on its normalized weight. First of all, MME 3 is allocated to the UE1; second, MME 2 is allocated to UE2; third, MME 1 is allocated to the UE3; fourth, MME 3 is allocated UE4; and so on. In this table, the total number of UEs served by all the MMEs in the pool is 255, which is the granularity factor as mentioned above. Similar to the LTE/EPS network, the UMTS RNC or GSM BSC may also use the WRR approach, as described above, for selecting and assigning a core network element, i.e. MSC or SGSN, to distribute UEs in a load‐balanced way. Figure 7.4 below further illustrates, in general, the core network (CN) node selection and its allocation using the WRR method. Table 7.2    UEs distributions in MME pool using the WRR method.

System

Relative Normalized Weight Weight

MME 1 20

●●

73

UE1 UE2 UE3 ...

0

0

1

...

...

... ... ...

UE255

73

MME 2 20

73

0

1

1

... ... ...

73

MME 3 30

109

1

1

1

... ... ...

109

NAS Node Selection in 5G System

In the 5G system also, an appropriate AMF may be selected based on its capacity/weight factor, as configured by an O&M operator, to distribute and achieve a load balancing proportionately among the AMFs of an AMF set. The 5G core network architecture is based on the multiple instances of software‐based core network functions which are deployed to provide communication services to users over different network slices. In addition to the selection of an AMF in the control plane, a particular network function shall be required to be selected in the user plane also. Different network functions and their selection in the 5G system are described later in Chapter 20.

101

102

Mobile Communications Systems Development

CN 1 Weight = 1

CN n Weight = n

WRR

CN 2 Weight = 2

CN 3 Weight = 3

●●

Figure 7.4  Illustration: core network (CN) node selection and allocation using the WRR method.

Dynamic Assignments of Weights for NAS Node Selection

Different UE processing weights assigned to the core network elements for its allocation through the WRR procedure may be static or dynamic in nature. The O&M operator may reassign a new weight/capability to the concerned core network element, e.g. LTE/EPC MME or GPRS SGSN, in the pool during the runtime. This is achieved as follows: –– LTE/EPC MME can send its new capability/weight information to the eNodeB using the MME CONFIGURATION UPDATE message over the S1 interface; refer to TS 36.413 [97]. The eNodeB will recalculate, select, and assign an MME to UEs as per the new normalized weights. –– The SGSN in a GPRS network can send its new capability/weight information to the BSC using the SNS‐ CHANGEWEIGHT PDU over the Gb interface; refer to TS 48.016 [135]. The BSC will recalculate, select, and assign an SGSN to MSs as per the new normalized weights as the case may be. –– In the 5G system also, the AMF network function may send/update its O&M configurable capability/weight information to the NG‐RAN using the AMF CONFIGURATION UPDATE message. A dynamic WRR method of selection and allocation of a core network node from a pool/set offers the flexibility of performing maintenance activities on a particular core network node without service disruptions. If an O&M operator wishes to block a core network node from further allocation to UEs due to any reason, it can be achieved by assigning a weight  =  0 so that the WRR algorithm does not select the concerned core network node. The blocked core network node, however, continues to serve the existing UEs. Core network element selection using the WRR method is implementation‐dependent from Original Equipment Manufacturer (OEM) to OEM. An OEM may choose to assign the capability or weight of an MME or AMF or SGSN in terms of the number of UEs/MSs to be served by it instead of using the normalized weight value of a core network element as illustrated above.

7.2 ­Network Sharing Typically, a mobile communications network consisting of the RAN and Core Network Systems is owned and run by an operator. It is possible that a network operator, say A, does not have its dedicated RAN but has its core network infrastructures to provide communications services in a particular geographical location. However, another operator, say B, has the dedicated and also shared RAN infrastructures. In such a scenario, the operator A who does not have its RAN infrastructures can come into an agreement with the operator “B” which has the shared RAN infrastructures. The operator “A” provides the communication services through the shared RAN with its own identity, i.e. PLMN. This arrangement of providing communications services through RAN sharing between the operators A and B is known as the Network Sharing feature. As mentioned below, two approaches are available using which operators can share a RAN within a GSM/GPRS, UMTS, or LTE/EPS network.

Load Balancing and Network Sharing

–– RAN sharing, which is known as the Multioperator Core Network (MOCN) feature. –– RAN as well as Core Network Sharing, which is known as the Gateway Core Network (GWCN) feature. The next section describes the RAN sharing through the 3GPP MOCN feature from the GSM/GPRS, UMTS, and LTE/EPS networks point of view.

7.2.1  GSM/GPRS/LTE RAN Sharing Through MOCN Feature In a MOCN configuration, the operators who do not have their dedicated RAN system shall provide their communications services through the shared RAN of another operator as mentioned above. In this configuration/arrangement, only the RAN of an owner operator is shared, while the other participating operators use their core network systems. An illustration is shown in Figure 7.5. The entire configuration/ arrangement is known as the MOCN configuration. The sharing of RAN under the MOCN configuration shown in Figure 7.5 is similar to the network configuration described in Section 7.1 where a RAN node may be connected to a pool of core network elements of a communications network run by a particular network operator. The difference is that under the MOCN configuration, the core network elements are operated by different network operators. Some of the important aspects of the RAN sharing through the MOCN feature are described below: ●●

3GPP Support of MOCN Feature

In the UMTS system, the RAN sharing through the MOCN configuration was made available from the 3GPP Release 6 onwards. In the LTE/EPS, the RAN sharing through the MOCN configuration was made available since its beginning which is from the 3GPP Release 8 onwards. However, in the GERAN, i.e. GSM and UTRAN, system, the RAN sharing through the MOCN configuration was made available only from the 3GPP Release 11 onwards. ●●

MOCN Operator Identification – PLMN

Under the MOCN configuration, each core network operator is distinctly identified by the Public Land Mobile Network (PLMN) identity which consists of Mobile Country Code (MCC) and Mobile Network Code (MNC). The PLMN, or MCC and MNC, is also part of the IMSI of a mobile device. Using the System Information (SI) messages, a particular mobile communication network broadcasts its associated PLMN identification in a cell periodically. To extract the PLMN identity, the mobile device reads the SI messages received from the network and tries to match the received PLMN identity with the PLMN identity derived from its IMSI. If it matches, the mobile device registers with the concerned core network. The respective SI message used to broadcast the multiple PLMN identities in each network, from GSM to LTE/EPS, under the MOCN feature is shown in Table 7.3. Figure 7.5  Illustration: radio access network sharing and MOCN configuration.

CN Operator 1

CN Operator 2

CN Operator N

PLMN1

PLMN2

PLMN.N

e.g. MSC, SGSN, MME

e.g. MSC, SGSN, MME A or Gb or Iu, or S1

..

e.g. MSC, SGSN, MME A or Gb or Iu, or S1

A or Gb or Iu, or S1

Transceiver Shared Radio Access Network e.g. BSC or RNC or eNodeB

103

104

Mobile Communications Systems Development

Table 7.3  System information (SI) messages for MOCN PLMN identities. No. of PLMN Ids

System

SI Message

GSM/GPRS

SYSTEM INFORMATION MESSAGE Type 22 […SI 22 Rest Octets…] TS 44.018 [130]

4

UMTS

Master Information Block […Multiple PLMN List….] TS 25.331 [50]

6

LTE/EPS

SYSTEM INFORMATION BLOCK Type 1 […PLMN Identity List…] TS 36.331 [94]

6

●●

MS/UE Capability

It has been mentioned above that under the GERAN, the MOCN feature was introduced only during 3GPP Release 11. All the pre‐3GPP Release 6 and GERAN UE prior to Release 11 may not support the network sharing capability through the MOCN feature. Depending on the MS/UE and its 3GPP release version, two types of UE/ MS may be found in a network, as mentioned below: –– MOCN supporting MS/UE MOCN supporting MS/UE can decode and process all the PLMN identities that are transmitted by the shared RAN in the respective SI messages, as shown in Table 7.3. From the list of the provided PLMN identities, the UE/ MS selects a particular core network operator using its PLMN identification, as specified in the 3GPP TS 23.122 [32]. The shared RAN forwards the UE data directly to the concerned core network operator and its core network element using the UE indicated PLMN identity. All the UTRAN and E‐UTRAN UEs are MOCN supporting UEs. –– Non‐supporting MS/UE UMTS pre‐3GPP Release 6 and GERAN UE prior to Release 11 are non‐supporting MS/UE categories as these MS/UEs cannot process multiple PLMN identities of different core network operators, as broadcasted by the shared RAN. In a shared network, the non‐supporting UE/MSs use the common PLMN identity which is also used as the identity of a normal or traditional network. A common PLMN identity does not identify any one of the sharing core network operators. The shared RAN broadcasts the common PLMN identity of a cell using the System Information Types 3 and 4. For a non‐supporting UE/MS, the shared RAN may select a particular core network operator in a normal round‐ robin manner and forward the UE initial signaling message, e.g. ATTACH request, Location Area, or Routing Area Update request, to the selected core network element, i.e. MSC or SGSN. However, the selected core network element, i.e. MSC or SGSN, may not accept the requesting UE/MS, due to the roaming agreement restriction. MSC or the SGSN determines the acceptability of the roaming agreement based on the PLMN identity (MCC + MNC) which is derived from the IMSI of the UE/MS. If the MS/UE can be admitted, the MSC or the SGSN sends an acceptance response, e.g. ATTACH accept, Location Area, or Routing Area Update Accept, to the MS/UE. On the other hand, if the UE/MS cannot be accepted by the MSC or the SGSN as selected and forwarded by the shared RAN, the initial signaling message will be rerouted by the shared RAN to the core network element of another core network operator. This process is repeated until the UE/MS is not accepted by a particular core network operator or no more core network operator is left for selection by the shared RAN. The overall time required for the completion of the initial signaling procedure and its messages sent by a non‐supporting UE/MS may be slower. Because in this case the shared RAN will be required to reroute the MS/UE initial signaling message request to the next core network operator, in case of the preceding core network operator, node rejects the MS/UE registration. The reason for rejection may be due to nonroaming agreement between operators or MS/UE CS/PS coordination is required so that both the CS and PS services are served by the same operator.

Load Balancing and Network Sharing ●●

Functions Performed by the Network Elements

Several network elements are affected due to the MOCN feature and perform the typical functions as mentioned below: –– UE/MS From a list of PLMN identities provided by the network, a supporting UTRAN and E‐UTRAN UE select a particular core network operator and its PLMN identity and send it in the initial network registration message to the shared RAN. The shared RAN forward the initial message to the UE selected core network operator. In the case of GERAN, an MS/UE sends the PLMN index instead of PLMN ID to the shared RAN. The shared RAN finds the PLMN ID corresponding to the PLMN index provided by a supporting GERAN UE/MS. The shared RAN forward the initial message to the UE selected core network operator. –– UMTS RNC The RNC extracts the selected core network operator PLMN identity from the RRC layer signaling message sent by the UE and forwards the initial message sent by the UE to the selected core network. –– LTE eNodeB Similar to the RNC, the eNodeB extracts the selected core network operator PLMN identity, selected PLMN‐ Identity, from the RRC layer signaling message sent by the UE and forwards the initial message sent by the UE to the selected core network. –– GSM BSC The GSM shared BSC broadcasts the list of PLMN identities through the SI message that identifies the sharing of core network operators in a particular location area. In the GSM/GPRS, a supporting MS provides the PLMN index along with the initial network registration message sent to the shared RAN/BSC. Using the PLMN index, the BSC will derive the actual PLMN identity of the core network operator and forward the initial message to the selected core network. –– MSC/SGSN For a non‐supporting MS, the MSC and SGSN will notify the shared RAN to reroute the signaling procedure originally initiated by the concerned UE to an MSC or SGSN of another operator. Once the UE is accepted by the routed operator’s core network, the MSC and the SGSN will assign an NRI to the MS so that the subsequent message of the MS can be sent to the concerned MSC or SGSN through the shared RAN. –– MME The E‐UTRAN UEs are supporting types, i.e. a UE will indicate the PLMN ID of the core network operator to the shared RAN in its initial Layer 3 signaling message. The concerned MME will accept the signaling procedure and allocate a GUTI to the UE. –– CS/PS Coordination by Shared RAN for Non‐supporting UE/MS In a traditional mobile communications network, an operator provides both the CS domain and PS domain services to an MS/UE. For these purposes, a ME/UE registers with the CS and PS core network elements of a particular operator. While an MS is engaged in a PS service, an operator’s core network may provide GSM CS services, such as a paging request to an MS for an incoming voice call, through the GPRS PS network. This arrangement, shown in Figure 7.6, is also known as the CS/PS coordination in the GSM network. To enable this, the Gs interface, refer to TS 29.018 [66], is configured between the MSC/VLR and the GPRS SGSN.

105

106

Mobile Communications Systems Development BSSMAP Layer 3 Message [Paging Response […]] BSC A Um MS

PCU BSC

Gb

SGSN

MSC BSSAP+ e.g. Paging Request Gs

Core Network

Figure 7.6  Illustration: GSM/GPRS CS/PS paging through Gs interface between MSC and SGSN.

In the above illustration, Figure 7.6, only a normal GSM CS and PS core network is being shown without a pool of MSCs or SGSNs. If the MSCs or SGSNs are configured in a pool and MSC sent the IMSI as the MS identity, then the SGSN also includes the MSC/VLR identity in the paging request message to the BSC. The MSC/VLR identity is used by the BSC to forward the paging response message from MS to the correct MSC in the pool. Assume that the MSC wants to notify the GPRS MS about an incoming voice call. As illustrated in Figure 7.6, the MSC sent the GSM CS paging request messages to the SGSN through the Gs interface configured between them. The SGSN will further send the GSM CS paging request message to the GPRS Packet Control Unit of the BSC. The BSC will forward the CS paging request message to the MS over the air interface. In return, the MS will send the paging response to the BSC, which will further forward the paging response as the complete Layer 3 message over the A interface to the MSC only, as illustrated in Figure 7.6. The paging response is the Base Station Subsystem Management Application Part (BSSMAP) message between the BSC and the MSC, whereas the paging request through the Gs interface is a Base Station Subsystem Application Part (BSSAP+) message. Similarly, in a shared network also, a supporting UE will register with the same operator for the CS and PS domain services. On the other hand, for a non‐supporting UE in a shared network, the network selects a core network operator and forwards the UE initial Layer 3 signaling message (e.g. ATTACH, Location Area, or Routing Area Update Request). The selected core network element may or may not accept the request made by the UE initial Layer 3 signaling message. If UE/MS is already served by the selected core network, say in the PS domain, then the initial Layer 3 signaling message received from the same UE for the CS domain will be accepted by the core network, resulting in the successful completion of the procedure initiated by the UE. However, if the initial Layer 3 signaling messages from the UE cannot be accepted, the core network will reject the UE request and send a rerouting command, as described below, to the shared RAN with an indication of CS/PS coordination requirement. For more information on the CS/PS coordination, refer to TS 48.008 [134]. From the above description, it is observed that the CS/PS coordination in a non‐shared GSM/GPRS network is performed by the core network through the Gs interface, whereas in a shared network, the CS/PS coordination is performed by the shared RAN. –– Rerouting Function by Shared RAN for Non‐supporting UE/MS A shared network’s rerouting capability makes it possible to use its services by a non‐supporting UE/MS. A shared RAN, i.e. BSC or RNC, performs the rerouting functions for a nonsupporting UE/MS only for its initial Layer 3 signaling messages (e.g. ATTACH, Location Area, or Routing Area Update Request). For a non‐supporting UE/MS, the shared RAN, i.e. BSC or RNC, includes the Reroute Attempt flag, refer to TS 48.008 [134] and TS 48.018 [136], along with the complete initial Layer 3 signaling message to the core network. A Reroute Attempt flag informs the core network node, MSC, to return either a Reroute Command or Reroute Complete, refer to TS 48.008 [134], message to the shared RAN. Similarly, the SGSN will return either a Redirection Indication or Redirection Completed, refer to TS 48.018 [136], TS 25.413 [54], information to the shared RAN. A Reroute or Redirection Completed from the MSC or SGSN indicates its acceptance and successful completion of the procedure initiated by the UE.

Load Balancing and Network Sharing

On the other hand, if the MSC or SGSN cannot accept the UE initial Layer 3 signaling message or procedure, a Reroute Command, refer to TS 48.008 [134], or Redirection Indication, refer to TS 48.018 [136], containing the rejection of the original initial Layer 3 signaling message, will be sent back to the shared RAN. On receiving the Reroute Command or Redirection Indication, the shared RAN will attempt to forward the UE initial Layer 3 signaling message again to another core network. The rerouting process is repeated by the shared RAN as long as a core network does not accept the UE initial Layer 3 signaling. In case no more sharing core network operator is left for selection, the shared RAN will inform the UE about the rejection of the original initial Layer 3 signaling message or procedure. Rejection of a UE initial Layer 3 signaling by the MSC or SGSN for a non‐supporting UE/MS may be required due to the following reasons: a) Roaming is not allowed, i.e. roaming restriction applies to the concerned UE/MS. b) Roaming is allowed but CS/PS coordination is required for the concerned UE/MS. –– IMSI Analysis by the Shared RAN An IMSI is included by the MSC or the SGSN as part of the Reroute Command or Redirection Indication message to the shared RAN in case the UE initial Layer 3 signaling procedure cannot be accepted but is rejected by the MSC or the SGSN. If the rejection is because of the CS/PS coordination requirement, then an IMSI analysis is required by the shared RAN and based on the PLMN identity derived from the IMSI, the UE initial Layer 3 signaling message will be rerouted to the identified core network. ●●

How MOCN Feature Works

The basic aspects of the MOCN feature have been described above. The following figures illustrate the MOCN feature for the supporting and nonsupporting UEs: –– Supporting UE Figure 7.7 illustrates, in general, the signaling flow in a shared RAN through the MOCN feature for a supporting UE. As illustrated in this figure, there are three core network operators – CN‐A, CN‐B, and CN‐C – that are identified by the PLMN 1, PLMN2, and PLMN3, respectively. Since the UE supports the shared network feature, it will decode all the PLMNs identities from the SI messages broadcasted by the shared RAN and select a particular core network operator whose PLMN identity matches with the one derived from the IMSI of the UE. Assume that the UE selected the PLMN: 3. The UE will send the initial message for a particular procedure, say the ATTACH request, to the core network operator with the PLMN: 3 through the shared RAN. Core Network Operators

Supporting UE

Shared RAN

CN-A PLMN 1

CN-B PLMN 2

CN-C PLMN 3

System Information [...PLMN 1, PLMN 2, PLMN3 …] Initial UE Message: X [… PLMN 3….]

Initial UE Message: X [… PLMN 3….] Accept [Message: X]

Figure 7.7  Illustration: supporting UE signaling flow for RAN sharing through MOCN.

Accept [Message: X]

The shared RAN extracts the PLMN identity: PLMN 3 from the signaling message received from the UE and forwards the message to the indicated core network of the operator: CN‐A. The core network will accept the initial

107

108

Mobile Communications Systems Development

signaling procedure initiated by the UE and replies to the UE about the acceptance of its request through the shared RAN as illustrated in Figure 7.7. The accepted message from the core network contains its PLMN ID of the chosen operator. For more details on the actual message flows for supporting UEs, refer to TS 23.251 [37]. –– Non‐supporting UE Figure 7.8 illustrates, in general, the working of a RAN sharing through the MOCN feature for a non‐supporting UE. As illustrated in Figure 7.8, there are three core network operators – CN‐A, CN‐B, and CN‐C – that are identified by the PLMN 1, PLMN2, and PLMN3, respectively. Since the UE does not support the shared network feature, it cannot decode all the PLMNs identities from the SI messages broadcasted by the shared RAN. However, the UE will decode the common PLMN identity from the SI message. The UE will send the initial Layer 3 message for a particular procedure, e.g. ATTACH, Location Area, or Routing Area Update request, to the core network operator with the common PLMN through the shared RAN. The shared RAN forwards the UE message mentioned above to one of the core networks of the sharing operators, say the CN‐A. The core network CN‐A verifies the roaming agreement for the UE from its IMSI. If a roaming agreement is permitted but the CN‐A finds that a CS/PS coordination is required for the UE, as described earlier, then the request made by the UE cannot be accepted by the CN‐A. If the CN‐A is the MSC, it responds with a Reroute Command, TS 48.008 [134], to the shared RAN for rerouting of the UE message to another core network. The Reroute Command contains the rejection of the particular procedure, say Location Update Request reject, along with a Reroute Indication and the original UE initial Layer 3 message. If the CN‐A is the 3G/UMTS SGSN and it cannot accept the UE request, say ATTACH or routing area update, either because of its roaming restrictions or CS/PS coordination requirement, a Reroute NAS Request message, TS 25.413 [54], is sent to the shared RAN for rerouting of the UE message to another core network identified by the P‐TMSI of the UE or SGSN group identity. If the CN‐A is the 2G GPRS SGSN and it cannot accept the UE request, say ATTACH or routing area update, either because of its roaming restrictions or CS/PS coordination requirement, then a Redirection Indication information, TS 48.018 [136], is sent to the shared RAN along with the existing DL‐UNITDATA PDU of the BSSGP layer of the Gb interface. The shared RAN forwards or reroutes the UE message to another core network. The rerouting process of a UE initial Layer 3 message to another core network mentioned above is repeated, and finally, the core network CN‐C has accepted the request made by the UE. The number of rerouting attempts to be made by the shared RAN is controlled by a timer at the RAN end. The last step in Figure 7.8 shows that the core Core Network Operators

Non-Supporting UE

Shared RAN

CN-A

CN-B

CN-C

Initial UE Message: X Message: X Reroute [Reject [Initial Message: X]] Message: X Reroute [Reject [Initial Message: X]] Message: X Accept [Message: X] Accept [Message: X]

Figure 7.8  Illustration: non‐supporting UE signaling flow for RAN sharing through MOCN.

Load Balancing and Network Sharing

network of the operator, CN‐C, sent the result of the corresponding signaling procedure to the UE through the shared RAN. The final acceptance response, e.g. ATTACH Accept or Location Area Update Accept or Routing Area Update Accept, from the respective core network contains its common PLMN ID for the non‐supporting UE. For more details on the actual message flows for non‐supporting UEs, refer to TS 23.251 [37]. ●●

Usages of NRI for Nonsupporting UE/MS

Usages of NRI were discussed in Section 7.1.1. The O&M operator configures and assigns the NRIs to the core network elements, e.g. MSC, SGSN, and MME, that are configured in a pool. Using the NRI, the MSC or SGSN generates and assigns a TMSI or P‐TMSI to a UE or MS as part of its registration with the core network. The allocation of NRIs to core network elements, e.g. MSC and SGSN, is important and must be coordinated for nonsupporting UEs in a shared network. NRIs coordination among the sharing core network operators will ensure that the UE/MS will remain CS/PS coordinated by allocating it to the NRIs in CS and PS domains of the same core network operator. Similarly, as far as the allocation of a TMSI or P‐TMSI is concerned, as it uniquely identifies an ME/UE over the air interface, NRI coordination among the sharing core network operators will ensure that only the correct UE/MS responds to the paging request sent by the shared RAN.

7.2.2  5G NG‐RAN Sharing Through MOCN Feature (Release 16) The 5G system also supports the sharing of an NG‐RAN of an operator with the 5G core network of other participating operators. An arrangement of an NG‐RAN sharing with a core network of participating operators through the MOCN feature is illustrated in Figure 7.9. It may be noted that unlike the first 5G system Release 15, the 5G system Release 16 supports a private 5G network also through a Stand‐alone Non‐Public Network (SNPN), in addition to providing 5G services to the public through a PLMN. In the case of the 3GPP Release 15, the sharing of a 5G NG‐RAN shall be the same as the previous generation systems, i.e. 5G system Release 15 supports NG‐RAN sharing with a PLMN only. However, the support of an SNPN by the 5G system was introduced as part of the 3GPP Release 16. Thus, a 5G NG‐RAN can be shared with a normal, i.e. public network, PLMN as well as the SNPN, i.e. private 5G network, as illustrated in Figure 7.9. A PLMN supports all the radio access technologies, i.e. GSM, UMTS, LTE, and 5G new radio (NR), whereas an SNPN supports the 5G NR only, i.e. N1 mode only. Figure 7.9  Illustration: 5G NG‐RAN sharing through MOCN feature.

CN Operator 1

CN Operator 2

CN Operator 3

PLMN1

PLMN2

SNPN

AMF

UPF

AMF

N2

N3

N2

N3

AMF

UPF

UPF N3

N2

5G Shared NG-RAN

To transfer signaling information and user data, the shared NG‐RAN is connected to the AMF and UPF network functions of the core network of a participating operator over the control plane reference point N2 and user plane reference point N3, respectively. An NG‐RAN can be shared with multiple PLMNs or multiple SNPNs. Further, as illustrated in Figure 7.9, the participating operators provide their 5G services over their respective network slices. Similar to the previous generation systems and as part of the 3GPP release 15 MOCN feature, only the list of PLMN identities of participating operators are broadcasted in a cell by the NG‐RAN to indicate a shared network

109

110

Mobile Communications Systems Development

to UEs. However, as part of the 3GPP release 16 MOCN feature, a list of PLMN identities and Network Identities (NID) is broadcasted in a cell by the NG‐RAN to indicate a shared network to UEs. A PLMN ID and an NID constitute an SNPN ID.

­Chapter Summary In this chapter, we presented the two important functions and features of a mobile communications network, that is, load balancing within an operator and network sharing among the participating network operators. Load balancing among the core network elements of a communications network of an operator is essential to ensure service continuity in the event of failure of a particular network element. For these purposes, core network elements are configured in a pool, and each one may be assigned either on a normal round or weighted round basis to serve UEs/MSs. RAN and core network element sharing through the MOCN feature is of particular interest among the participating network operators as it results in a significant saving in the capital and operational costs for an operator. A participating operator can increase its services coverings by sharing with the RAN of another operator. For a RAN to be shared, cooperation and agreements among the participating operators are required. Through a RAN sharing, the participating operators also share radio resources.

111

8 Packets Encapsulations and Their Routing ­Introduction This chapter covers the user data packets encapsulation methods applied in a mobile communications network while transferring information between two network elements over a particular interface. In a mobile ­communications network, such as General Packet Radio Service (GPRS), Universal Mobile Telecommunication System (UMTS), Long-Term Evolution (LTE)/Evolved Packet System (EPS), and 5G system, packet-switched (PS) user data is not directly transported over the underlying Internet Protocol (IP) transport network; rather, the user data packets are put into another protocol whose resulting packet is further transported over the underlying IP ­transport network. Data packets encapsulations may be applied while communicating over the air interface or between network elements of a core network (CN). We begin with the IP packets encapsulations applied at the CN. It is followed by packets encapsulations that are applied over the air interface while communicating between the User Equipment (UE) and the CN. We then present how the packets encapsulations are used to route user traffic between the ME/ UE and the CN, irrespective of the current location of the mobile user/mobile station (MS)/UE. We close the chapter with the IP header compression and decompression that is applied to user data packets over the air ­interface, its methods, and usages over a low bandwidth network.

8.1 ­User Data Packets Encapsulations In a mobile communications network and system, user/application data packets between the packet data network and an MS/UE are exchanged in an encapsulated and transparent manner, that is, user/application data packets are not directly put into and transported over the underlying transport network, say the IP transport. Instead of it, user data with the IP addresses of the MS/UE and an actual destination server are put and encapsulated into another protocol. The encapsulated and resulting information are put and transported using the actual underlying transport network, for example, using IP transport. User- or application-level IP data packets-only encapsulations are performed over different interfaces and network elements, as mentioned below: ●● ●●

●● ●●

Between the CN elements of GPRS, UMTS, LTE/EPC, and 5G network. Between the CN elements (e.g. UMTS, LTE/EPC, 5G) and radio access network (RAN) (e.g. UTRAN, EvolvedUMTS Terrestrial Radio Access Network (E-UTRAN), 5G NG-RAN). Between the logical nodes, i.e. centralized unit (CU) and distributed unit (DU) of gNB of 5G NG-RAN. Over the air interface between the UE/MS and the CN elements of GPRS.

Mobile Communications Systems Development: A Practical Introduction to System Understanding, Implementation, and Deployment, First Edition. Rajib Taid. © 2021 John Wiley & Sons Ltd. Published 2021 by John Wiley & Sons Ltd.

112

Mobile Communications Systems Development

Section 8.1.1 below describes the methods through which packet encapsulations are performed at the RAN and CN ends. Section 8.1.2 describes the methods through which packet encapsulations are performed over the air interface between a UE and the respective CN.

8.1.1  Packets Encapsulations at the CN and RAN At the CN end, only user data/IP packets are encapsulated and exchanged between network elements using the GPRS Tunneling Protocol ( GTP). The GTP is a general-purpose packet encapsulation protocol that is used across the mobile communication systems and is described in Section 8.1.1.1. Encapsulation allows the transferring of user data packets and routing transparently in a mobile communications network. In a UMTS UTRAN, the GTP user plane is used to exchange user data packets between the Serving GPRS Support Node (SGSN) and UTRAN/Radio Network Controller (RNC) over the PS domain IuPS interface using the IP transport network. GTP user plane may be also used to exchange user data packets between the SGSN and UTRAN/RNC over the IuPS interface using the ATM transport network. For more information on the PS domain protocol stack structure of the UMTS/UTRAN IuPS interface, refer to TS 25.410 [52]. In an LTE/EPS network, the GTP user plane is used to exchange user data packets between the E-UTRAN and Serving Gateway (S-GW) over the S1 user plane interface. Apart from these, there are a couple of logical interfaces, for example, between SGSN and S-GW, S-GW, Packet Data Network Gateway (P-GW), and so on, that also use the GTP user plane to exchange user data packets between them. GTP is described in the next section. In a 5G network, the GTP user plane is used to exchange user data packets between the 5G NG-RAN and User Plane Function (UPF) at 5G CN over the N3 user plane interface. Similarly, the GTP user plane is used to exchange user data packets between the NG-RANs over the Xn user plane interface. Apart from these, there are a couple of logical interfaces that also use the GTP user plane to exchange user data packets between them. GTP is described in the next section. 8.1.1.1  GPRS Tunneling Protocol ( GTP)

In a traditional IP transport network, application/user data is directly transported as part of the payload of an IP packet that is exchanged between the source and destination hosts. But the data for a user/mobile device in a PS communications network are not directly transported over the underlying IP transport network. The mobile user’s data are encapsulated using the GTP before transporting between the source and destination hosts over the connecting IP network. Only application or user data are transferred using the tunneling mechanism between two network elements as specified by the GTP. Each GTP tunnel has two endpoints. Each endpoint is identified through a tunnel identifier, an IP address, and a UDP port. A typical user data transfer using the File Transfer Protocol (FTP) session, between a UE and Internet FTP server, over a GPRS network is illustrated in Figure 8.1 through the user plane protocol stack of the GTP (GTP-U). As shown in this figure, core network nodes, e.g. SGSN/Gateway GPRS Support Node (GGSN), encapsulates an FTP PDP PDU, called T-PDU, within a GTP header. Also, note that the FTP works on top of the Transmission Control Protocol/Internet Protocol (TCP/IP) protocol with the actual MS and Internet server IP address. GTP header is added to the T-PDU, giving a GTP PDU. The GTP-PDU (G-PDU) is put into a UDP PDU and finally put into an IP PDU of the underlying IP transport network. The underlying IP transport header contains the core network elements, or source and destination addresses of the concerned network elements in a mobile network, whereas the GTP PDU header contains the tunnel endpoint identifier that is necessary to uniquely address a PDP context. 8.1.1.2  GTP Functions

The GTP performs control and user plane function as listed below: ●●

Control Plane Functions

Packets Encapsulations and Their Routing

Figure 8.1  Illustration: packet encapsulation using GTP.

G-PDU

FTP Data TCP

T-PDU IP Packets Between MS and FTP Server e.g. UE and www

IP GTP UDP IP Data Link Layer

IP Transport Network Between Core Network Elements. e.g SGSN and GGSN, with Standard GTP UDP Port = 2152

Physical Layer

It is used to exchange signaling-related messages, such as the Mobility Management and Session Management between the core network elements. GTP Control Plane signaling is also used to create, use, modify, and release tunnels. The following functions are performed by the GTP control plane protocol: –– Path Management Functions, e.g. Echo-Request and Echo Response. –– Mobility Management Functions to support handover procedure, e.g. Forward Relocation Request. –– Tunnel Management Functions, e.g. Create Session Request. –– Support of circuit-switched (CS) fallback feature For more information on the above control plane functions of GTP, refer to TS 29.274 [70]. ●●

User Plane Function – Exchanges messages to update the status of user data packet tunnel between peers. –– Tunnel Management Functions. –– Path Management Functions, e.g. Echo-Request and Echo Response. For more information on the above user plane functions of GTP, refer to TS 29.281 [72].

8.1.1.3  GTP User Plane PDU: G-PDU

The GTP user plane PDU is called as the G-PDU, which was illustrated in Figure 8.1. As illustrated in this figure, a G-PDU consists of the following components, see Figure 8.2: ●● ●●

GTP Header T-PDU (Tunneled PDU or GTP Payload for User Data Packet).

T-PDU carries the actual user or application data packet between a UE and the external IP network. For routing the user data/IP packet, a T-PDU contains the source destination (UE or external network) and destination (UE or external network). As an example, in an LTE/EPS network, GTP user plane messages are exchanged over the S1-U, X2, S4, S5, S8, and S12 interfaces. In a 5G network, GTP user plane messages are exchanged over the N3, Xn, and so on logical interfaces. For more details on the components of the GTP header, refer to TS 29.281 [72]. Figure 8.2  Components of GTP user plane G-PDU.

GTP User Plane G-PDU GTP Header

T PDU

113

114

Mobile Communications Systems Development

8.1.1.4  GTP Control Plane PDU

Unlike the GTP user plane protocol, the GTP control plane protocol does not use a separate encapsulated PDU to exchange information between two network elements. GTP control plane messages exchanged for various GTP procedures as mentioned in Section  8.1.1.2 are directly transported between two network elements over the underlying IP transport network. This is illustrated in Figure  8.3 between LTE/EPC Mobility Management Entity (MME) and P-GW. GTP control plane message has its header which consists of the following typical information fields: ●● ●● ●● ●● ●●

GTP version Piggybacking information flag Tunnel endpoint Identifier flag Message type Message length

As an example, in an LTE/EPS network, GTP control plane signaling messages are exchanged over the S3, S4, S5, S8, S10, S11, and S16 interfaces; refer to Figure 1(b) TS 23.002 [29]. Figure 8.4 below illustrates the usages of some of the GTP control plane signaling messages that are exchanged over the LTE/EPC S3 interface between SGSN and LTE/EPC MME and the S11 interface between MME and S-GW during a typical inter-Radio Access Technology (RAT) handover from GPRS to LTE/EPS network. To initiate an inter-RAT handover procedure from a GPRS to LTE/EPS network at the CNs level, the SGSN makes a handover request to the LTE/EPC MME, which creates a new session with the S-GW on behalf of the UE. For illustration purposes, GTP signaling messages exchanged among the CN elements are shown in italics in Figure 8.4. For more information on the GTP control plane protocol, its header, and message details, refer to TS 29.274 [70]. Figure 8.3  Illustration: LTE/EPC GTP-C message over UDP/IP interface.

GTP-C Message MME

P-GW

UDP/IP Interface

S3 Interface MME

SGSN Forward Relocation Request

Create Session Request Create Session Response Forward Relocation Response ………………………… Forward Relocation Complete

…………………………

Notification Forward Relocation Complete Acknowledge

Figure 8.4  Illustration: GTP-C message exchanged during inter-RAT handover.

S11 Interface

…………………………

S-GW

Packets Encapsulations and Their Routing

8.1.1.5  Example: GTP and Packet Encapsulations at LTE EPC

Figure 8.5 illustrates the transportation of UE-generated user traffic/IP packets through encapsulations using the GTP user plane protocol in an all IP LTE/EPC network. Note that the LTE UE is not aware of the GTP being used for encapsulations and transporting of its packet with the CN. As illustrated in this figure, the UE communicates with the WWW server and exchanges IP packets over the LTE/EPC network. The IP packets originated from the UE contains its IP address as the source and the WWW server address as the destination IP address. With this source and destination IP addresses remaining unchanged, UE IP packets are tunneled across the EPC network element, i.e. ENodeB, S-GW, and P-GW using the GTP. In Figure 8.5 illustration, the S1 GTP tunnel between the eNodeB and the S-GW contains the eNodeB and S-GW IP address as the source and destination IP addresses and vice versa. The S5 GTP tunnel between the S-GW and P-GW contains the S-GW and P-GW IP address as the source and destination IP addresses and vice versa. A GTP tunnel has a tunnel endpoint identifier, IP address, and UDP port number in each node. In this figure, the tunnel is being shown as the pipe, and inside the tunnel, the flow of IP packets is shown as the bold horizontal line.

8.1.2  Packet Encapsulations over Air Interface In Section 8.1.1, user data packets-only encapsulations at the RAN, CN, and various network elements of a mobile communications network have been described. Similar to this, user data packets are also encapsulated while transporting them over the respective air interface of different mobile communications systems as described below: ●●

Packets encapsulations between the CN element and MS in the GPRS network

Consider the packet data encapsulation services which are provided through the GPRS communications system. In the GRPS system user plane protocol stack, there is a protocol layer called Subnetwork Dependent Convergence Protocol (SNDCP), TS 44.065 [132], terminating at the MS and SGSN end. Subnetwork refers to the GPRS network. SNDCP layer converges and multiplexes packet data, called network PDU, N-PDU, coming from a network/application protocol over a particular Network Layer Service Access Point Identifier (NSAPI). In the same way as the GTP, the PDU that is generated and passed by the SNDCP to the lower layer is called as the SN-PDU. An SN-PDU contains the user application packets between a UE and the Internet server with the corresponding source and destination addresses. The SN-PDUs are transported between a UE and the SGSN across the Global System for Mobile Communication (GSM)/GPRS air interface. The SGSN, in turn, forwards the SN-PDUs to the GGSN over the Gn interface using the GTP. Figure 8.6 illustrates packet encapsulations in a GPRS network over its air interface between an MS and SGSN. In this illustration, the base station controller (BSC) is not being shown between the MS and the SGSN for brevity. Source IP: UE Dest. IP: WWW Server

Source IP: UE Dest. IP: WWW Server

Source IP:UE Dest. IP: WWW Server

IP Packets

Source IP: eNB Dest. IP: S-GW

Source IP: S-GW Dest. IP:P-GW

S1 GTP Tunnel

S5 GTP Tunnel

UE

ENodeB

S-GW

WWW

P-GW

Figure 8.5  Illustration: user data/IP packets encapsulations and tunneling using GTP in LTE/EPC network.

115

116

Mobile Communications Systems Development Packets from Network Packets from Network Protocol Y Protocol X Air N-PDU N-PDU Interface S

SNDCP Layer M S

SN-PDU

Figure 8.6  GPRS packet encapsulation, between MS and SGSN, over the air interface.

G

SN-PDU

S N

LLC Layer ………………………………. ……………………………….

8.2 ­IP Packet Routing in Mobile Communications Networks In a mobile communications system, it is interesting to see the reachability of a mobile subscriber irrespective of its current location within a particular coverage area. This is possible because of the accurate routing of the ongoing call, either CS or PS, for the concerned mobile subscriber. It becomes possible to route a call or user data correctly to the mobile user because of the mobility management functions that are performed by a UE/MS and its mobile communications network. More details on 5G mobility management functions are available later in Section 18.4. In a PS network, a router makes packets routing decisions based on the destination IP address of a packet as well as the current routing table of the router. In the case of a traditional IP network, the location of a destination device and its IP address rarely changes. But in a mobile communications network, a subscriber can freely move at any point in time within its network coverage areas or other network areas, i.e. a roaming user. This gives rise to the requirements of a flexible as well as a correctly routing mechanism to route packets, to a UE, of a PS call by the CN. ●●

GPRS/UMTS CN

Consider the IP packet routing requirement in an inter SGSN user movement scenario of a GPRS/UMTS network, shown in Figure 8.7. In the case of packets routing between the SGSN and GGSN as shown in Figure  8.7, they do not use the source (MS/UE) and actual destination (e.g. WWW server) IP address that is available in the user’s IP packet; rather, the user’s IP packets are routed/tunneled as an encapsulated payload using the GTP between the SGSN and the GGSN. The GTP over the Gn interface contains the IP addresses of the SGSN and GGSN as the source and destination, and vice versa, to exchange tunneled user data packets between them. This approach is Figure 8.7  Illustration: GPRS inter SGSNs routing area update procedure.

New Routing Area MS enters

GTP Tunnel SGSN

MS Performs a RAU in New Routing Area Old Routing Area MS Leaves SGSN

Gn Interface

WWW Gi Interface

GGSN

GTP Tunnel Gn Interface

Packets Encapsulations and Their Routing

particularly helpful in ­scenarios where the SGSN and the GGSN are not connected directly but connected through several intermediate routers. Whenever a mobile subscriber enters a new coverage area controlled by another SGSN and to route the incoming packets correctly toward the mobile device, the routing tables of the intermediate routers as well as the SGSN and GGSN would have been required to be updated. But to avoid such update requirements at multiple intermediate hosts during the UE/user’s movements, only the GGSN’s routing table is required to be updated using the IP address of the new SGSN. Figure 8.7 illustrates an example of an inter SGSNs routing area update (RAU) scenario where the GGSN updates its routing table with the IP address of the new SGSN that is now serving the MS. To establish and inform the current location, an RAU, as shown in Figure 8.7, procedure is initiated by the mobile device on entering and detecting a new routing area that is controlled by the new SGSN. As part of the RAU procedure and on behalf of the requesting MS, the new SGSN of the new routing area sends the Update PDP Context Request message, refer to TS 29.060 [67], containing the new SGSN address to the GGSN. Subsequent packets of the MS are routed from the GGSN to the new SGSN only. For more information on the inter SGSNs RAU procedure, refer to TS 23.060 [31]. ●●

LTE/EPS CN

Similar to the GPRS/UMTS RAU, an LTE/EPS-registered UE makes the tracking area update (TAU) request to the LTE/EPC MME to update its current location. The MME will send, on behalf of the UE, the Create Session Request Message, refer to TS 29.274 [70], to the new S-GW if there is a change during the TAU so that subsequent packets of the UE are routed from the new S-GW to the MME. For more information on the inter S-GW TAU procedure, refer to TS 23.401 [39]. A similar procedure is used to correctly route packets to a mobile device in the 5G system also, using the GTP, independent of its location.

8.3 ­IP Header Compression and Decompression ●●

Requirements of IP Header Compression

All of us used to save computer storage space by compressing files through the zip utilities. Similarly, in mobile communications networks also, protocol layer header information exchanged may be compressed before it is sent over the air interface between the sending and receiving ends. At the receiving end, the IP layer header is decompressed again. The bandwidth resources, especially the air interface, utilization for IP data services in a mobile communications network could be reduced and utilized in an optimum way through compressing (at the sending end) of IP layer header information. This will result in an efficient transmission and quick network response, delivering an overall rich user experience. The application of the header compression procedure will be particularly useful in the case of a low bandwidth network. In a mobile communications system and network, the IP header compression/decompression procedure may be an optional one. ●●

How does IP Header Compression work?

A packet data session or stream of a user or application contains multiple IP packets having protocol header information in each packet for its proper routing across multiple hosts. Recall the components of an IPv4 header that consists of the following fields: –– Version, Internet Header Length (IHL), Differentiated Services Code Point (DSCP), Explicit Congestion Notification (ECN), Total Length –– Identification, Flags, Fragment Offset –– Time To Live, Protocol, Header Checksum –– Source IP Address –– Destination IP Address

117

118

Mobile Communications Systems Development

The value of the some of the fields, e.g. source and destination IP address, UDP or TCP port, IP version, and so on, of an IPv4 header mentioned above, may not change during the entire data flow/session. IP protocol header compression algorithm will not send those fields that are determined to remain the same in each IPv4 packet of the same data flow/stream, or few bits may be used to represent those fields, thus resulting in overall smaller size IPv4 packets and saving significantly in the total number of the bits sent in each IP packet over a particular interface. See Example 8.1 and Figure 8.8 for a description and an illustration of the IP header compression method. ●●

IP Header Compression/Decompression Methods

In mobile communications networks, an IP header compression/decompression, for user data packets, related tasks are performed by the protocol layer which is immediately below the IP layer of the UE/MS protocol stack. Table 8.1 shows the protocol layers performing the header compression/decompression tasks along with their corresponding Request For Comments (RFC) number for the respective compression/decompression framework implemented by the concerned protocol layer. These layers use the well-known protocols as mentioned in the concerned RFCs defined by the IETE. Refer to the indicated RFC# for more information on the header compression/decompression procedure adopted by each protocol layer.

Example 8.1  IPv4 Header Compression for VoIP Calls Consider a typical VoIP call made over the IPv4 network. The typical protocol stack for a VoIP call is shown below (Figure 8.8). The voice is digitized, and the coded data call is placed as the payload of the RTP. RTP packets are transported over the UDP, which is routed further by the IP transport network. The minimum size of the IPv4 header with its fields is 20 bytes. Also, ●● ●●

UDP header takes 8 bytes and RTP header takes 12 bytes, excluding the payload part.

Thus, the total size of the uncompressed header, in this case, is 20 + 8 + 12 = 40 bytes. The header compression algorithm, at the sending end, may compress the header size of 40 bytes to fewer bytes, say 1–2 bytes, and sends it in the subsequent IPv4 packets, thus resulting in significant savings in the consumption of ­network bandwidth resources. Similarly, using the IPv6 version, the size of the uncompressed IPv6 header is 40 bytes. If an application, such as FTP, uses the TCP whose transport header size is 20 bytes, the total size of the uncompressed header (IPv6 + TCP) is 60 bytes. For a large file size transfer scenario, gain from the protocol header compression may not be significant. But for data traffic, e.g. VoIP, having a small payload size less than the uncompressed header size may gain significantly in the overall bandwidth resource utilization.

VoIP Payload

RTP

Payload Size Same

Header Compression

UDP IP

Total Size of Header = 40 bytes

VoIP Payload

Header Info Total Size of Header = 1 or 2 bytes

Figure 8.8  Illustration: IP header compression for a VoIP call.

Packets Encapsulations and Their Routing

Table 8.1  IP header compression/decompression methods. System

Air Interface Protocol Layers

IP Header Compression/Decompression Method

RFC#

GPRS

SNDCP

TCP/IP Header Compression, IP Header Compression, ROHC

1144, 2507, 3095 [13]

UMTS

PDCP

IP Header Compression, ROHC

2507, 3095 [13]

LTE

PDCP

ROHC

3095, 4815, 4995

5G

PDCP

ROHC

3095, 5795, 4815 [16]

­Chapter Summary In this chapter, we have presented one of the important functions, i.e. encapsulation of user or application layer IP data traffic performed by the RAN and CN elements. We have also discussed another important function performed by the CN, which is the routing of user IP data traffic in mobile communications networks irrespective of the current location of a mobile user. In summary, the GTP is used to tunnel and route user data between CN elements in an encapsulated manner. There are a couple of logical interfaces that use the GTP to exchange information among the network elements.

119

121

9 Security Features in Mobile Communications Networks ­Introduction In mobile communications networks, the information transmitted and received by a mobile device over the air interface gets exposed and can be intercepted by unauthorized users. The protection of user privacy, as well as the information transmitted/received between a mobile device and the network, is one of the important functions that is performed by mobile communications systems and networks. Another important function of mobile communications networks is to ensure that only an authenticated and authorized user is allowed to access network services. These capabilities are realized and ensured by the security aspects of the concerned mobile communications system and network. Security features and their mechanisms are part of the system engineering aspects of a mobile communications system, as described in Section 2.4.4. This chapter begins with the security aspects in terms of security features and mechanisms that are employed by a particular mobile communications system to authenticate its mobile users and protect their information as well as to protect signaling information being exchanged over the air interface. A mobile user’s security context and its interworking requirements in the case of inter-Radio Access Technology (RAT) mobility are also discussed.

9.1  ­A Brief on the Security Architecture: Features and Mechanisms Privacy protection and secure communications services to mobile users over the air interface depend on the security architecture of a particular mobile communications system, i.e. Global System for Mobile Communication (GSM), Universal Mobile Telecommunication System (UMTS), Long-Term Evolution (LTE), and 5G system. The security architecture, in general, of a mobile communications system and network, is based on the following aspects: ●●

Security features, which specifies the security requirements between the user and the network for a particular mobile communications system. Some of the security features, in general, used over the physical Radio Frequency (RF) path of the GSM, UMTS, LTE, and 5G system air interface are listed below: –– Subscriber Identity Authentication, –– Subscriber Identity Confidentiality, –– Subscriber Information Confidentiality, and –– Integrity Protection, in the case of UMTS, LTE, and 5G systems only.

Mobile Communications Systems Development: A Practical Introduction to System Understanding, Implementation, and Deployment, First Edition. Rajib Taid. © 2021 John Wiley & Sons Ltd. Published 2021 by John Wiley & Sons Ltd.

122

Mobile Communications Systems Development Air Interface

Encrypted / Ciphered Data Identification and Authentication Response Identification and Authentication Request MS

RAN

CN

RAN

CN

Figure 9.1  Illustration: security features for protection of user traffic in GSM, GPRS, UMTS, LTE, and 5G systems.

Air Interface

Integrity Protection of RRC Signaling Integrity Protection of NAS Layer Signaling UE

●●

Figure 9.2  Illustration: security features for protection of signaling traffic in UMTS, LTE, and 5G systems.

Security mechanisms, which specifies the methods to be used by a mobile device and its network to implement the above security features. For example, user data/information confidentiality is realized using the ciphering/ encryption method. Similarly, user identification and authentication are performed by using security keys and algorithms that are known to the mobile device and the network only.

Figure 9.1 illustrates the security features, in general, applied between a mobile device and the radio access network (RAN) of the GSM, General Packet Radio Service (GPRS), UMTS, LTE, and 5G systems to protect user traffic over the air interface. First of all, mobile device identification and authentication is performed by the network during a call setup phase. For example, refer to Figure 2.8, where the authentication task is performed following the GSM Connection Management (CM) layer Service Request message from the mobile station (MS) to the network for a GSM mobileoriginated voice call (MOC). Only when the mobile device has been authenticated successfully, the core network initiates the security procedures toward the MS so that the subsequent traffic between the mobile device and the network is exchanged in a ciphered/encrypted manner over the air interface. Note that in the GSM system, ciphering is performed by the base transceiver station (BTS), whereas the same task is performed by the Serving GPRS Support Node (SGSN) in the GPRS/UMTS system. Further, Figure 9.2 illustrates the security features, in general, applied between a mobile device and the RAN and core network of the UMTS, LTE, and 5G systems only to protect the integrity of signaling traffic contents from alteration due to any reasons. Table 9.1 summarizes the security features that are applied to protect the user as well as signaling information in GSM, GPRS, UMTS, LTE/EPS, and 5G networks. From Table 9.1, it can be stated that the UMTS, LTE, and 5G systems have more security features and methods compared to the GSM system. Unlike the GSM system, in the UMTS, LTE, and 5G systems, the integrity of the Radio Resource Control (RRC) and Non-access Stratum (NAS) layer signaling information which is exchanged between the User Equipment (UE) and the network is also protected using different security algorithms. Also, in the UMTS system only, the air interface RRC layer messages are integrity protected. But in the LTE and 5G ­systems, the RRC as well as the NAS layer messages are also security and integrity protected.

Security Features in Mobile Communications Networks

Table 9.1  Summary of security features and its network elements. Security Features

Systems

Applied Between

Ciphering (Signaling and User Traffic)

GSM, GPRS, UMTS, LTE, and 5G

MS and RAN

UMTS

UE and UTRAN (AS Layer)

LTE

UE and E-UTRAN (AS Layer), UE and EPC MME (NAS Layer)

5G

UE and NG-RAN (AS Layer); UE and 5GC AMF (NAS Layer)

Identity, Authentication Integrity Protection (Signaling Traffic)

MS/UE and Core Networks

Security architectures and algorithms differ from the GSM to the 5G system. Various algorithms and keys are used to implement security features and integrity protection of the information exchanged between a mobile device and the network. For more information on the security architecture of the GSM system, refer to TS 42.009 [128]; the UMTS system, refer to TS 33.102 [85]; the LTE/EPS system, refer to TS 33.401 [86]; and the 5G system, refer to TS 33.501 [87]. As a result of the execution of a security procedure successfully, a corresponding security context containing security-related information is created at both the mobile device and the network end. A security context created in a particular RAT/system, e.g. LTE, may be also used to map and derive the security context for another RAT, e.g. 5G, during an inter-RAT handover of a mobile user.

9.2  ­Security Features and Its Mechanisms ●●

Subscriber Identity Confidentiality

To protect a subscriber/MS identity, such as its International Mobile Equipment Identity (IMEI) or Mobile Subscription Identification Number (MSIN), from eavesdropping over the air interface, the core network provides a facility to allocate a temporary identity instead of using its permanent identification such as the International Mobile Subscriber Identity (IMSI). This temporary identification is known only within the currently registered area of the mobile subscriber. Upon an MS/UE current location change, it may be allocated again to a new temporary identity by the core network. Table 9.2 shows the temporary identity assigned to an MS/UE by the respective mobile communications system to protect the subscriber’s identity over its air interface. For more details on the above temporary identities of an MS/UE, refer to Section 5.3. ●●

Subscriber Identity Authentication

Only an authorized subscriber is allowed to access a mobile communications network and its services. This function contains authentication procedures and algorithms to be used by the concerned core network element to verify and authenticate a mobile subscriber. Table 9.3 shows the authentication procedures used by the different mobile communications systems. In the UMTS, LTE, and 5G systems, a subscriber and the core network mutually authenticate each other to ensure that only an authorized subscriber is allowed to access the network and also to ensure that a UE is accessing its correct network. The method used to perform such a mutual authentication task is known as the Authentication and Key Agreement (AKA) method where a secret key, called KASME in LTE/EPS network; KAMF in 5G system; and K in UMTS, is shared between UE and core network. LTE/EPS AKA is based on the UMTS AKA method. For more information on the AKA procedure, refer to 3GPP TS 33.102 [85]; TS 33.401 [86]; and TS 33.501 [87].

123

124

Mobile Communications Systems Development

Table 9.2  Temporary identities used for subscriber identity confidentially. System

Temporary Identity Used for MS/UE

Valid Area of the Temporary Identity

GSM

Temporary Mobile Subscription Identifier (TMSI)

Location Area

GPRS

Temporary Logical Link Identifier (TLLI), P-TMSI

Routing Area

UMTS

TMSI, P-TMSI

Location/Routing Area

LTE

Globally Unique Temporary Identifier (GUTI), S-TMSI

Tracking Area

5G

5G-GUTI, 5G-S-TMSI

Registration Area

Table 9.3  Keys and algorithm used for subscriber identity authentication. System

Keys and Algorithms

GSM

RAND, Authentication Key, SRES, A3 Algorithm, IMSI, and TMSI during LAU

GPRS

RAND, Authentication Key, SRES, A3 Algorithm, IMSI, and TLLI during RAU

UMTS

Authentication and Key Agreement (AKA)

LTE

Authentication and Key Agreement (AKA)

5G

Authentication and Key Agreement (AKA)

●●

Confidentially of User and Signaling Information

Information transmitted as part of the user and signaling messages between the mobile device and the network is also required to be protected so that eavesdropping on them is not possible. To achieve this, encryption of information through the ciphering mechanism is used. It is the common method that is employed across the communications systems, i.e. GSM, GPRS, UMTS, LTE, and 5G systems, over their respective air interface. The ciphering method is applied to the signaling as well as the user traffic information that is exchanged between the MS/UE and the network. The ciphering method works on the bit per bit addition of the user data flow and its corresponding key stream. Table  9.4 shows the various ciphering algorithms and their keys used in the GSM, GPRS, UMTS, and LTE systems. Ciphering is an optional security feature at the network end. For more information on the above ciphering algorithms and keys, refer to the 3GPP TS 33.102 [85], TS 33.401 [86], and TS 33.501 [87]. ●●

Integrity Protection of Signaling Information (UMTS and LTE)

Signaling information exchanged between a mobile device and the core network may get altered because of unknown reasons. Integrity protection functionality of signaling information ensures that the message contents are not altered and their integrity is protected during transmission. Table 9.5 summarizes the keys and algorithms used for integrity protection purposes over their respective logical interfaces of the UMTS, LTE, and 5G systems. Table 9.6 summarizes the network elements and protocol layers that are responsible for performing the ciphering and integrity protection functions for the information exchanged between the MS/UE and network.

Security Features in Mobile Communications Networks

Table 9.4  Ciphering algorithms and keys used for information confidentiality. System

Keys, Algorithms

GSM

Ciphering Key Kc, Key Sequence number, Algorithm: A5, A8

GPRS

Ciphering Key: GPRS-Kc, GPRS-Key Sequence number, Algorithms: GPRS-A5, A8

UMTS

UEA0 (UMTS Encryption Algorithm), UEA1 (UMTS Encryption Algorithm), UEA2 (UMTS Encryption Algorithm)

LTE

EEA0 Null ciphering algorithm 128-EEA1 SNOW 3G-based algorithm (128 bits) 128-EEA2 AES-based algorithm (128 bits) 128-EEA3 ZUC-based algorithm (128 bits)

5G

NEA0 Null ciphering algorithm 128-NEA1 SNOW 3G-based algorithm (128 bits) 128-NEA2 Advanced Encryption Standard (AES)-based algorithm (128 bits) 128-NEA3 ZUC-based algorithm (128 bits)

Table 9.5  Algorithms and keys used for integrity protection. System

Keys and Algorithms

UMTS

UIA1 (UMTS Integrity Algorithm) UIA2 (UMTS Integrity Algorithm)

LTE

EIA0 Null Integrity Protection algorithm 128-EIA1 SNOW 3G-based algorithm (128 bits) 128-EIA2 AES-based algorithm (128 bits) 128-EIA3 ZUC-based algorithm (128 bits)

5G

NIA0 Null Integrity Protection algorithm 128-NIA1 SNOW 3G-based algorithm (128 bits) 128-NIA2 AES-based algorithm (128 bits) 128-NIA3 ZUC-based algorithm (128 bits)

Table 9.6  Protocol layers: ciphering and integrity protection. Security Functions

GSM

GPRS

UMTS

LTE

5G

Ciphering

BTS

SGSN

Radio link control (RLC), Medium Access Control (MAC)

Packet Data Convergence Protocol (PDCP)

PDCP

Integrity Protection

—

—

RRC

PDCP, NAS

PDCP, NAS

125

126

Mobile Communications Systems Development Inputs (e.g. Direction (UL, DL), Length…) …….. Ciphering Algorithm

Key

Key Stream Block Plain Information

Ciphered Information

(a) Inputs (e.g. Direction (UL, DL), Length …) ……....... Key

Integrity Algorithm

Authentication Code (appended to the message to be transmitted)

(b)

Figure 9.3  Illustration of (a) ciphering and (b) integrity protection algorithms.

Figure 9.3 illustrates the concept of working of the ciphering and integrity protection of information transmitted over the air interface.

9.3  ­GSM Security Procedures The activation of a GSM security procedure, i.e. confidentiality/ciphering, for a typical mobile-originated call (MOC) is illustrated in Figure 9.4. As illustrated in this figure, authentication of a user in a GSM network is performed after receiving the initial Layer 3 message CM Service Request message from the MS. An MS identity is authenticated using the challenge-response method. In this method, the core network sends a 128-bits random number (RAND), as mentioned in Table 9.3, to the MS. The MS calculates a 32-bit signed response (SRES) using the algorithm A3 and also using some secret information that is stored in the SIM of an MS. The MS transmits the SRES to the core network which verifies and authenticates the MS successfully. Once a user has been authenticated, the encryption and ciphering of signaling and voice information is started by the MSC by sending the Base Station Subsystem Mobile Application Part (BSSMAP) layer CIPHER MODE COMMAND, refer to TS 48.008 [134], to the BSC. The CIPHER MODE COMMAND message contains the list of ciphering algorithms A5/1 to A5/7. The BSC selects a particular ciphering algorithm and sends it through the RR layer CIPHERING MODE COMMAND to the MS; refer to TS 44.018 [130]. The enabling of the ciphering mode control process is indicated with a RR CIPHERING MODE COMPLETE message from the MS to the BSC, followed by a BSSMAP layer CIPHER MODE COMPLETE message reply from the BSC to the MSC. This also indicates the completion of RR connection establishments and the start of the Layer 3 signaling messages between the MS and the MSC through the BSC.

Security Features in Mobile Communications Networks

Figure 9.4  Illustration: activation of GSM security procedure for a MOC.

Mobile

BSC

MSC

Channel Request Immediate Assign CM Service Request CM Service Request Cipher Mode Cmd

[Encryption Information A5/1…..A5/7]

Ciphering Mode Cmd. [Ciphering Mode Setting] Ciphering Mode Complete

Cipher Mode Complete CM Service Accept CM Service Accept

……………………………… ………………………………

9.4  ­UMTS, LTE, and 5G: AS and NAS Layer Security Procedures Unlike the GSM system, integrity protection over the air interface is applied to protect the signaling messages of the Access Stratum (AS) and NAS layers of the UMTS, LTE, and 5G systems. Information confidentiality/encryption through ciphering and also its integrity protection in the case of UMTS, LTE, and 5G systems are performed and divided into the following categories: ●●

Security for the AS, between –– UE and UMTS terrestrial radio access network (UTRAN) (UMTS system), –– UE and E-UTRAN (LTE system), and –– UE and NG-RAN (5G system).

The protocol layers that are responsible to perform the integrity protection and ciphering functions over the respective air interface of the UMTS, LTE, and 5G NR systems were listed in Table 9.6. ●●

Security for the NAS Layer, between –– UE and the Mobility Management Entity (MME) (LTE system only) and –– UE and the Access and Mobility Management Function (AMF) (5G system only).

Figure 9.5 illustrates the integrity protection and ciphering procedure (dotted line) applied over the AS (RRC) and NAS signaling messages in the case of the LTE system. Similar security measures are also used in the case of the 5G system. As mentioned in the previous sections, various algorithms are used by the UE, RAN, and core network elements to perform integrity protection and ciphering of information during its transmission. ●●

Activation of Security Features and Mechanisms

In UMTS, LTE, and 5G systems, the security features and its mechanism, i.e. integrity protection and ciphering, and their algorithms are activated and taken into account through the SECURITY MODE COMMAND and COMPLETE messages that are exchanged between the

127

128

Mobile Communications Systems Development Ciphered and Integrity Protected NAS

NAS S1-AP

RRC

RRC

Ciphered and

PDCP

Integrity

RLC

Protected

SCTP

PDCP

IP

RLC

Data Link

MAC

MAC

Physical

Physical

Physical

ENodeB

UE

UE

MME

Figure 9.5  Illustration: LTE ciphering and integrity protection of AS and NAS layer signaling.

UTRAN/E-UTRAN/5GNG-RAN

Security Mode Command [TS 25.331, TS 36.331,TS 38.331]]

[Encryption and Integrity Protection Algorithm] Security Mode Complete

(a) RAN

UMTS CN/ EPC CN / 5G CN

Security Mode Command [TS 25.413, TS 24.301, TS 24.501]

Security Mode Complete

(b)

Figure 9.6  Illustration: security mode command to activate ciphering and integrity protection: (a) Access Stratum and (b) Non-access Stratum.

–– UE and UTRAN (UMTS); –– UE and E-UTRAN (LTE); UE and NG-RAN (5G); and –– UE and MME, for LTE/EPS only; UE and 5G Core AMF, for 5G system only. Figure  9.6 illustrates the activation of the security features through the SECURITY MODE COMMAND and SECURITY MODE COMPLETE messages for the security protection of AS and NAS layer signaling messages over the respective interfaces. The UE provides its security capabilities and sends it in the initial network registration to the core network. A UE may also provide the previous generation mobile communications system’s security capabilities along with its current security capabilities. Note that though the name of security command mode messages is the same between UE and UTRAN, UE and E-UTRAN, UE and the MME, as illustrated in Figure 9.6, their formats and contents are not the same. The contents of the SECURITY MODE COMMAND and COMPLETE messages used in the UMTS, LTE/EPS, and 5G systems can be further examined from the corresponding 3GPP TS mentioned in Figure 9.6. The requirements of the integrity protection of NAS signaling messages are mandatory, whereas the confidentiality/ciphering of user data, Access Stratum, and NAS information through ciphering is an optional one at the network end. Also, in the UMTS, LTE, and 5G systems, there are several NAS and AS RRC layer messages where integrity protection is not applied. Refer to TS 24.301 [46], TS 25.331 [50], TS 36.331 [94], and TS 38.331 [116] for such messages where integrity protection is not applied. Example 9.1 and Figure 9.7 describe and illustrate the AS and NAS layers security activation in the case of the LTE/EPS network.

Security Features in Mobile Communications Networks

Example 9.1  LTE/EPS Security Features Activation for AS and NAS Layers Figure 9.7 illustrates the activation of the security features for the LTE/EPS AS and NAS layers. A UE sends its UE initial registration in an LTE/EPS network through the NAS layer ATTACH REQUEST procedure. The UE sends the supported encryption/ciphering and integrity algorithms to the core network element MME in the ATTACH REQUEST message. The security capability information from a UE is transferred under the following IEs of the ATTACH request message: ●●

●●

UE network capability, which is a mandatory IE, containing the LTE/EPS and UMTS security features and its mechanisms. MS network capability, which is an optional IE for a UE that supports GPRS/UMTS security-related algorithms.

To activate the security features through the integrity protection and ciphering method for the NAS layer between the UE and the LTE/Evolved Packet Core (EPC), the MME resends the same security capabilities information to the UE using the message SECURITY MODE COMMAND under the UE security capability mandatory IE; see Figure 9.7. Once the NAS layer security features have been activated, the LTE/EPC establishes the UE initial context with E-UTRAN. To do this, the MME sends the initial context setup request message to the E-UTRAN containing the ATTACH accept message, bearer details, UE security capabilities, and security key; see Figure 9.7. A similar approach is used in the case of the 5G system also where the 5G core AMF establishes the UE initial context with NG-RAN by sending an initial context setup request message containing the registration accept message for a UE.

Figure 9.7  Illustration: LTE/EPS initial UE registration and its security features indication.

UE

E-UTRAN

MME

ATTACH REQUEST [Encryption and Integrity Protection Algorithm] AUTHENTICATION REQUEST AUTHENTICATION RESPONSE NAS Security SECURITY MODE COMMAND [Encryption and Integrity Protection Algorithm] SECURITY MODE COMPLETE Initial Context Setup Request

[ATTACH ACCEPT, […UE Security Capability….]] AS Security SECURITY MODE COMMAND […UE Security Capability….]

SECURITY MODE Initial Context Setup Response COMPLETE …………………… ATTACH COMPLETE

129

130

Mobile Communications Systems Development

The UE security capabilities information contains the LTE/EPS integrity and encryption algorithms to be applied over the air interface between a UE and the E-UTRAN. Using the UE security capabilities and security key information, the E-UTRAN activates the initial security features for the AS layer between UE and the E-UTRAN by sending the SECURITY MODE COMMAND message to the UE. A SECURITY MODE COMPLETE message from the UE to the E-UTRAN ends the successful activation of the security features. For more details on the functions performed by a UE and E-UTRAN upon receipt of the initial security activation request from the MME, refer to TS 36.331 [94] and TS 24.301 [46]. Note that as shown in the above Figure 9.7, the same message name SECURITY MODE COMMAND/COMPLETE is used over the LTE/EPS S1 and air interface to activate the security features and their mechanism between a UE and the LTE/EPC.

9.5  ­Security Contexts A security context of a UE/MS contains the important keys of the security algorithms and is created and stored at the MS as well as network. A security context is created as a result of a successful authentication procedure performed and activated by the core network during the MS/UE initial registration procedure. Refer to Figure 9.7 for a typical illustration of an ATTACH request procedure of LTE/EPS. A security context may be also created at the MS and network end as a result of an intersystem change from GSM to UMTS and vice versa; from LTE to UMTS or GSM and vice versa. Table 9.7 shows the various security-related information that is stored as part of a security context of an MS/UE in each of the mobile communications system. In the case of the LTE/EPS system, security context information consists of the AS and NAS layer security contexts as the security features are activated separately for them. The purpose of establishing a security context in the LTE/EPS system is to avoid the reauthentication, next time the UE reattaches, requirements at the core network end prior to processing of NAS signaling messages. For example, after a successful initial network registration, if an LTE UE was switched off and on again, the same security context can be reused while attaching to the core network. In this case, all the NAS messages from the UE shall be integrity protected. But if an LTE UE attaches to the core network for the first time, all the NAS messages from the UE will not be integrity protected until the security procedures are completed and activated successfully between UE and the core network, as illustrated in Figure 9.7.

9.6  ­Security Interworking In the preceding sections, we have discussed the security features and their implementation mechanisms through various security algorithms and keys that are specific to a particular cellular system, i.e. GSM, GPRS, UMTS, LTE, and 5G. We have also discussed the cellular system-specific security context that is created as a result of the completion of a successful security procedure between a mobile device and the network. Security interworking requirements arise as a result of the interworking and interoperations of mobile communications systems and networks, which was described earlier in Chapter 6. Two typical cases may be considered for the discussion of the security interworking requirements: ●● ●●

The idle state of a mobile device and Inter-RAT handover.

Security Features in Mobile Communications Networks

Table 9.7  Security context contents in GSM, GPRS, UMTS, LTE and 5G systems. Contents of GSM/GPRS Security Context Circuit-Switched Domain

Packet-Switched Domain

GSM Ciphering Key GSM Ciphering Key Sequence Number

GPRS GSM Ciphering Key GPRS Ciphering Key Sequence Number

Contents of UMTS Security Context Circuit-Switched Domain

Packet-Switched Domain

UMTS and GSM Ciphering Key UMTS Integrity Key GSM Ciphering Key Sequence Number

GPRS UMTS Ciphering Key GPRS UMTS Integrity Key GPRS GSM Ciphering Key GPRS Ciphering Key Sequence Number

Contents of LTE/EPS Security Context KASME with the associated key set identifier, the UE security capabilities, and the uplink and downlink NAS COUNT (NAS Sequence number) values. Contents of 5G Security Context KAMF with the associated key set identifier, the UE security capabilities, and the uplink and downlink NAS COUNT (NAS Sequence number) values.

During the idle state, a mobile device uses the security features of its home network which are operated with a particular RAT, i.e. GSM, UMTS, LTE, and 5G. However, as the user and the mobile device moves, either in idle or connected/dedicated state and enters a coverage area of a different network and RAT with good received signal strength, it has to use the security features of the target RAT. In the connected or dedicated state, the ongoing call is transferred through the inter-RAT HO procedure. In this case, the interworking of the security features and mechanism is required and is important to provide seamless communication services to users. ●●

Typical security interworking requirements can be described under the following scenarios:

Scenario #1 Network deployments with all the RATs, i.e. GSM/GPRS, UMTS, and LTE systems Security interworking is required due to the following mobility states of a mobile device or user in a network that deploys all the RATs: ●● ●●

Idle mode or handover from an E-UTRAN to UTRAN and vice-versa. Idle mode or handover from E-UTRAN to GPRS Edge Radio Access Network (GERAN) and vice versa.

Scenario #2 Network deployments with LTE/EPS and 5G systems Security interworking is required due to the following UE modes of operation as well as the mobility states of a mobile device or user in a network that deploy the LTE/EPS and 5G systems.

131

132

Mobile Communications Systems Development ●● ●●

Single registration mode and dual registration mode, which shall be described later in Chapter 16. Idle mode or connection mode, i.e. handover, mobility between the LTE/EPS and 5G systems and vice versa.

In all of the above security interworking scenarios, the network element of the source system and RAT passes the relevant security context information such as the confidentiality key, integrity key to the network element of the target system, and RAT. Using the provided information, the target system and RAT map and derive their security keys to enforce their security features between the mobile device and the network. In other words, the source security context information is mapped and used to derive the target system security context for a successful security interworking during intersystem mobility. For example, in a UTRAN/GERAN to LTE E-UTRAN system handover, the SGSN will derive and transfer to the MME a confidentially key and an integrity key. Based on this information and other input parameters, the MME and UE can derive KASME, a 256-bit length key. If a security interworking feature fails, the mobility of a mobile device and its use may also fail from one RAT to another RAT. For further details on KASME, refer to TS 33.401 [86], appendix A.2. Similarly, in an LTE E-UTRAN to UTRAN/GERAN system handover, the MME derives the confidentially key and an integrity key from the key KASME and passes it to the SGSN which in turn derives its keys to be used in the target RAN.

­Chapter Summary Security is one of the most important features of the mobile communications systems and networks that are available today. Security tasks are performed by the mobility management layer of the respective communications systems, i.e. GSM, GPRS, UMTS, LTE, and 5G. This chapter presented the various security features and their corresponding methods/algorithms that are used to provide secured communications services to subscribers by the respective mobile communications systems, i.e. GSM, GPRS, UMTS, LTE, and 5G. The security features of the 5G system shall be further described in Chapter 16. The UMTS security architecture evolved from the GSM security system. Similarly, LTE security architecture evolved from the UMTS security system. Only user authentication and data encryption are performed in the GSM system, whereas integrity protection of signaling messages and network authentication by the mobile are also performed as part of security procedures in the UMTS and LTE systems. Though the security features are known by the common name, they are implemented and realized using different algorithms and keys that vary from GSM to the 5G network. For more details on these security algorithms and keys, the reader is recommended to refer to the technical specifications mentioned in the reference section of this book. This chapter also presented the network elements and protocol layers that are responsible and perform a particular security procedure. Protections of the signaling messages for the AS and NAS layers of the UMTS, LTE, and 5G systems were discussed. We closed this chapter with another important aspect, that is, the requirements of the security context and security interworking for a multi-RAT capable mobile device to support the intersystems mobility among the different communications systems and networks.

133

Part II Operations and Maintenances In this part of the book, the operations and maintenances (O&Ms) of a mobile communications network, based on the GSM to the 5G system, are discussed. O&M system makes it possible to run a communications network smoothly on a day‐to‐day basis. So far, the reader has learned that a mobile communications network consists of interworking network elements and systems from different vendors that work on open as well as vendor‐specific technical standards. A mobile communications network consists of various physical and logical interfaces interconnecting different network elements from the same or different OEMs. One can expect the day to day field issues from a complex mobile communications network. Sometimes, the field issue could be a challenging as well as an exciting one that is hard to reproduce in a laboratory. Day‐to‐day network operations issues may result from the various sources/factors which could be due to an operator’s network element, other vendor’s network element, inter‐working, configuration, network planning issues, air interface issues, application protocols or platform software issues, and so on. For continuity of communications services, each one of these issues must be addressed to isolate and fix the actual root causes. For these purposes, a mobile communications system’s network element must have the built‐in capability to aid in troubleshooting day‐to‐day network related issues. Apart from this, a communications system must have the facility to evaluate its performance on a daily basis or periodically as required by the operator. This part of the book contains three chapters, and their purposes are as follows. Chapter 10 describes the Alarm mechanism used to notify the occurrence of an abnormal event to the O&M operator. Chapter 11 describes the Key Performance Indicator mechanism through which an operator can evaluate the performance of a communications network. Chapter 12 describes the different types of field issues that may appear in a mobile communications system and network. It also describes the available network troubleshooting tools that can be used to collect the required information from the field. The above chapters form the network maintenance part of the system engineering aspects of a mobile communications system as described in Section 2.4.5. Overall, the information collected from the field, the alarms, and the KPI data can be used to troubleshoot the field issue by the O&M operator or by the developer of a particular network element.

135

10 Alarms and Faults Managements ­Introduction In this chapter, we will discuss the alarm mechanism through which the runtime occurrences of various important events are reported by a mobile communications network element to the operation and maintenance (O&M) operator. Alarms are important for the day-to-day O&M as well as faults managements of a mobile communications network. An alarm draws the attention of the O&M operator, and depending on the criticality of the alarm generated, corrective actions are taken by the operator in a timely manner, to avoid probable service outages, as part of fault management steps. A 3rd Generation Partnership Project (3GPP) technical specification (TS) describes the possible runtime abnormal events for the concerned protocol layer for the various procedures performed by it. The abnormal events are converted into alarms, which is implementation specific, for the concerned protocol layer. A network element may also define its Original Equipment Manufacturer (OEM)-specific events and alarms. This chapter begins with the definition of an alarm and its classifications. It is followed by the identifications of typical abnormal events as described in a 3GPP TS for its corresponding protocol layer and its procedures and shows how it can be converted into a possible alarm. This chapter ends with an example of definitions of typical alarms and their descriptions using which the O&M operator takes appropriate action as part of the fault management steps.

10.1 ­Network Elements Alarm and Its Classifications Generally, an alarm in any system represents an important, abnormal and unexpected event being detected by the entity that had raised the alarm. Similarly, there are provisions of rising of alarms in mobile communications systems also to notify the O&M operator of the occurrences of abnormal events. Upon detection of a particular alarm, the O&M person applies the corrective/suggestive actions for each alarm. Depending on the extent of services being affected, an alarm can be classified as follows: ●●

Critical Alarm

A critical alarm should be addressed as soon as possible and may require a quick workaround or solution to the event or problem being identified; otherwise, it would affect the ongoing services as well as further block the services provided by the mobile communications network. ●●

Major Alarm

A major alarm may represent an event with a significant impact but does not disturb the ongoing operations of the network element. ●●

Minor Alarm

Mobile Communications Systems Development: A Practical Introduction to System Understanding, Implementation, and Deployment, First Edition. Rajib Taid. © 2021 John Wiley & Sons Ltd. Published 2021 by John Wiley & Sons Ltd.

136

Mobile Communications Systems Development

A minor alarm does not represent an event with a significant impact. Alarms may be raised for notification and information purposes also.

10.2 ­Sources of Abnormal Events and Alarms In mobile communications networks, various abnormal events may occur during their runtime, leading to the generation of alarms of different natures as mentioned in the preceding section. Typical sources of abnormal events that are responsible for the generation of alarms are as follows: ●● ●●

●●

●● ●●

●●

Software fault, for example, a process crash. Hardware fault, for example, base transceiver station (BTS) or trans-receiver (TRX) malfunction, leading to the unavailability of radio channels. A communication link breakdown between the sender and receiver, or sometimes, the receiver sends back erroneous data to the sending network element. Unsuccessful completion of a protocol layer signaling procedure between two peer network elements. Excessive retransmissions due to air interface or Transmission Control Protocol/Internet Protocol (TCP/IP) transport network issues. Expiry of a timer at the sender end because of a lack of response from the peer.

Generally, a hardware or software fault alarm is vendor/OEM specific and may require a proprietary solution. A 3GPP TS does not define and describe such vendor-specific hardware or software alarms and their requirements. But a 3GPP TS describes the abnormal events of a protocol layer and their associated procedures. A 3GPP TS also describes the provisions for notifications and corrective action for an alarm to the O&M operator as described below.

10.3 ­Identifying Sources of Alarms from 3GPP TSs As mentioned in the previous sections, an abnormal event or an error that is detected by a network element of a mobile communications network is informed to the O&M operator in the form of an alarm. A network element supports multiple logical interfaces and protocol layers where several abnormal events may be generated at runtime. Each logical interface and its protocol layer have different sources of abnormal events for different procedures executed from time to time as described in the concerned 3GPP TS. A system or a protocol layer designer may translate each abnormal or normal event, either reported by the peer network element or generated within the same network element due to local errors, into an alarm definition. In general, an alarm may be raised as a result of the following types of abnormal events that are generated due to the various functions and procedures of a protocol layer described in a 3GPP TS. ●●

●●

●●

Abnormal Conditions, which may be related to the signaling functions and procedures performed by a protocol layer of a particular network element with the peer. Timer-dependent protocol procedures generally result in an abnormal scenario. Protocol Layer Error, between two network elements over a particular logical interface. Generally, air interfacerelated causes result in protocol errors. Abnormal Conditions due to Local Errors.

10.3.1  Abnormal Conditions Runtime abnormal conditions mostly arise from time-dependent events. In a mobile communications network, an abnormal condition may occur if a particular signaling function or procedure, e.g. a reset operation, of a protocol layer between two network elements is not completed successfully within the allowed maximum

Alarms and Faults Managements

time duration and retry attempts. Failure of a signaling procedure may further impact the subsequent signaling procedures between the concerned network elements. An abnormal condition may arise due to the nonreceipt, by the sender, of a timely response from the peer (receiver) network element/protocol layer for a timer-dependent signaling procedure. The reasons could be again due to several factors such as the following ones: ●● ●● ●●

●●

Buggy or malfunctioning software module for a particular protocol layer. Malfunctioning hardware devices. A 3GPP specification noncompliant/nonconforming network element, e.g. Mobile station (MS)/User Equipment (UE). Congestion in the intermediate connecting network.

Note that not all of the functions or procedures performed by a protocol layer are time dependent. Some signaling procedures may be performed without waiting for their responses from the peer. A section called “Abnormal Conditions” is generally available in a 3GPP TS of the concerned protocol layer. Each signaling function and procedure performed by a particular protocol layer has its corresponding Abnormal Conditions section for which an alarm may be raised containing the reason for raising the particular alarm. Using the particular reason or cause, the operator may identify the fault location and take corrective actions to prevent disruptions, either ongoing or new, in services. A list of possible reasons or error causes and their meaning can be found in the concerned TS. For example, consider the General Packet Radio Service (GPRS) Gb interface between the Global System for Mobile Communication (GSM) base station controller (BSC) and Serving GPRS Support Node (SGSN). The Gb interface protocol stack contains the Base Station System GPRS Protocol (BSSGP), refer to TS 48.016 [135], NS protocol layer, refer to TS 48.018 [136]. The concerned 3GPP TS of these layers mentions all the possible abnormal conditions that may occur between the BSC and SGSN due to the unsuccessful completion of a particular signaling procedure over the Gb interface. If such an abnormal event occurs, a necessary alarm will be raised by either of the entities (sender or receiver) for the operator’s immediate attention, which is followed by a recovery action for the concerned event. Alarm generated due to abnormal events is illustrated later in Section 10.4.

10.3.2  Protocol Layer Error Handling Protocol layer information is exchanged between two peer protocol layers in terms of various information elements (IEs). Sometimes, an IE may carry an erroneous and unexpected value as detected by the receiver protocol layer, due to various reasons. One of the most troublesome areas of a mobile communications network is the air interface between the MS/UE and the Radio Access Network (RAN). Because of the poor radio conditions, the information transmitted by the MS/UE may be distorted, resulting in an erroneous data at the receiving end. Other sources of errors that make a receiving network element detect erroneous information are as follows: ●● ●● ●●

Poor conditions of a physical interface between a sender and receiver. Buggy or malfunctioning software that is handling a particular protocol layer. Malfunctioning hardware devices and so on.

To handle such a protocol message’s error, a 3GPP TS may also contain, in general, a section called “General Protocol Error Handling”. The protocol error handling section of a 3GPP TS describes the various types of events such as the erroneous and nonerroneous along with corrective actions to be taken upon occurrences of a particular event. For example, consider the mobile radio air interface Layer 3 signaling protocols messages, CS and PS domains, exchanged between an MS/UE and the core network through the RAN. Air interface Layer 3 protocol message consists of a header, message type, and various IEs. An incorrect value for anyone of this information may be detected at the receiver end, leading to an erroneous event. For example, if a particular air interface Layer 3 message contains

137

138

Mobile Communications Systems Development

a Mandatory (M) or Conditional (C) information element but the same is not present in the message being transmitted, then the receiver would flag it as an error condition. The receiver will report it to the sender with an appropriate cause, say “Missing Mandatory IE”, “Missing Essential IE”, or “Missing Conditional IE”. A protocol error event may be also generated as a result of the receiving of a message that is not expected in the current state of the receiving protocol layer or the message is unexpected and unknown by the receiving protocol layer. All such protocol events and their error codes of various signaling procedures of a protocol layer are described by the concerned 3GPP TS. The concerned protocol layer of a core network element has a mechanism to report, to the RAN, such an erroneous data received from the peer protocol layer of an MS/UE over the air interface. Some protocol layer provides a special protocol data unit (PDU) called “STATUS” that is used by the receiving network element, say the GSM MSC, to report the occurrence of an erroneous value, to the sender network element, say the BSC, and vice versa. The STATUS PDU contains the complete PDU, as received by the receiver, containing the erroneous value(s) so that the operator or developer can determine the IEs and their erroneous values. On receiving a STATUS PDU, an alarm is generated by the original sender network element, e.g. BSC, to its O&M operator. Alarm generated due to a protocol error event is illustrated later in Section 10.5.

10.3.3  Abnormal Conditions Due to Local Errors A network element must also have the mechanism to alert on the occurrence of nonprotocol-related or local erroneous events so that the O&M operator can take appropriate action. Abnormal scenarios or events due to local errors are OEM and implementation specific and are not defined by the 3GPP TS. Upon detection of a local erroneous event, the concerned network element’s alarm management system may raise a customized alarm to notify the operator. Examples of localized network element-specific errors due to which alarms may be raised are as follows: ●● ●● ●● ●● ●●

Critical process crash, Resource unavailability for allocation to a UE/MS, Channel activation failure, Hardware synchronization issues, and Disk space below a certain threshold and so on.

In summary, in the preceding text (Sections 10.3.1–10.3.3), the identification of sources of various abnormal conditions from a 3GPP TS as well as network element-specific local errors has been described. The method of reporting and handling of such abnormal conditions or protocol errors varies from layers to layers. For the specific error handling mechanism employed by a protocol layer, the reader may refer to the protocol error handling section of the concerned 3GPP TS. In the subsequent Section 10.4, the typical design and typical components of an alarm management system of a network element with its interfaces to other protocol layers and O&M are described. In Sections 10.6 and 10.5, the identifications of typical abnormal events and protocol errors from a 3GPP TS and their corresponding sample alarms descriptions and generations are also described.

10.4 ­Design and Implementation of an Alarm Management System To notify about the occurrences of abnormal events or errors in a mobile communications network, a centralized alarm management system may be designed and implemented for a particular network element only, e.g. BSC, Mobility Management Entity (MME), SGSN, and AMF. The alarm management system is implementation specific even for a particular mobile communications system. The relevant abnormal events as described in the concerned 3GPP TS may be considered and implemented in the alarm management system of a particular network element. The centralized alarm management system of a network element is responsible for the following typical tasks:

Alarms and Faults Managements ●●

●●

●●

●●

Interface for accepting notifications of abnormal events from the different protocol layers of the concerned network element; Interface for the O&M operator for provisioning and configuring of alarms for different protocol layers of a network element; Interface for notifying the O&M operator as well as the clearing of it about the occurrences of various events; and Archival of the alarms generated and cleared for the entire network element.

10.4.1  Design and Components of an Alarm The alarm management system may define and describe an alarm in the form of an alarm manual for each of the identified abnormal events as well as the informational notification to be generated from time to time in a predefined format. An alarm may be designed to have the following typical components/attributes: ●● ●● ●● ●● ●● ●● ●● ●●

Unique identification for an alarm Alarm name or title Date and time Alarm type, i.e. critical, major, or minor A short description of the alarm Alarm parameters from 1. . .n Instructions/corrective actions to be taken by the O&M operator upon the occurrence of the concerned alarm Default action, i.e. action to be taken by the alarm management system if the operator does not take any action.

Every alarm is given a unique identifier in a particular communications system. The data included in the alarm being generated contains the critical information that helps in the identification of the source of the alarm, the reason for the alarm, and so on. The reason for an alarm being generated may be specified as mentioned in the concerned protocol layer and its 3GPP TS. The alarm data may also include the related identifiers of logical objects such as MS identity (e.g. Temporary Logical Link Identifier [TLLI], Globally Unique Temporary Identifier [GUTI]), BTS identity, Temporary Mobile Subscription Identifier (TMSI), a GPRS Tunneling Protocol (GTP) tunnel identification, eNodeB UE ID, MME UE ID, and AMF set ID. Note that some of the alarm data may be designed to be mandatory, while some are optional in nature. The date and time of the occurrence of an alarm are important as they help to correlate with the time of occurrence of the actual issue.

10.4.2  Alarm Application Programming Interfaces (APIs) The centralized alarm management system of a network element may provide generic application programming interface (API) facilities for configuring alarms and raising and clearing of alarms by different protocol layers of the concerned network element. Such generic APIs facilitate the request for raising and clearing of alarms from the different protocol layers with various alarm data in predefined formats only.

10.4.3  Alarm Database The alarm management system may provide facilities for archival of alarms into a database for its future references and retrieval. The alarm database may contain both active and historical alarms. A typical alarm management system that may be implemented in a network element with all the typical components and interfaces is illustrated in Figure 10.1.

139

140

Mobile Communications Systems Development

Figure 10.1  Illustration: a typical alarm management system.

Alarm Definitions

3GPP TS Protocol Layer 1

O&M operator/ Admin Configure Alarm

Raise or clear alarm (a,b,c…)

Object 1

3GPP TS Protocol Layer N

Object N

raise or clear alarm (a,b,c…) Alarm Management System

Raise Alarm

Clear Alarm

Alarm Database

Alarm Output

As illustrated in Figure 10.1, the alarm management system may be implemented as a separate module with interfaces to various protocol layers and other modules of a network element. The O&M operator or administrator configures the alarms into the alarm management system. Logical objects, 1..N (1 to many), representing various physical hardware, for example, a BTS, BSC, eNodeB, and MME, are also configured by the alarm management system against whom an alarm is generated. Protocol layer-specific alarm, as described by the concerned 3GPP TS, is configured into the alarm management system. Upon detection of an abnormal event, a protocol error, or local error, the concerned protocol layer sends the request for raising or clearing of existing alarms through the APIs exposed, e.g. raise_or_clear_alarm (. . ..) by the alarm management system. The alarm is generated and sent to the display unit for the O&M operator console.

10.5 ­Alarm Due to Protocol Error In this section, the handling and reporting of typical protocol errors over the air interface of GSM/GPRS and Long-Term Evolution (LTE)/Evolved Packet System (EPS) systems are illustrated and described below: ●●

GPRS System Alarm Due to Protocol Error

Figure 10.2 illustrates the protocol error scenarios and generation of the corresponding alarms in the case of the GPRS system. This figure illustrates the notification of protocol errors over the air interface using the RR STATUS message and the STATUS PDU over the GPRS Gb interface between the BSC and the SGSN. As illustrated in Figure 10.2, the BSC sent an RR layer message to the MS over the air interface. If the MS finds an RR protocol layer-related error, it will be notified to the BSC through the RR STATUS message containing the RR Cause. Refer to TS 44.018 [130] for more details on the possible RR causes. Upon receiving the RR STATUS message, the BSC will notify the O&M operator about the occurrences of the protocol error through an alarm with mandatory as well as optional data. Similarly, as illustrated in Figure 10.2, the BSC sent a BSSGP layer PDUs to the SGSN over the Gb interface. If the SGSN finds a protocol error for any kind of BSSGP layer PDUs, it will be notified to the BSC through the

Alarms and Faults Managements

Figure 10.2  Illustration: protocol error reporting using STATUS PDU.

MS

Base Station Controller Message

SGSN

X

Error Detected? RR STATUS [RR Cause] Generate Alarm: Y …….

BSSGP PDU: Y Error Detected STATUS PDU [Message: Y]

Generate Alarm: Y

STATUS PDU containing the complete BSSGP layer erroneous PDU. Refer to TS 48.018 [136] for more details on the STATUS PDU of the Gb interface. Upon receiving the STATUS PDU, the BSC will notify the O&M operator about the occurrences of the protocol error through an alarm with mandatory as well as optional data. The flow of the RR STATUS message or STATUS PDU is bidirectional, and it can be used by both the peer network elements for notification of a protocol error to each other. ●●

LTE/EPS and 5G NAS Layer Alarm Due to Protocol Error

Consider the occurrence and reporting of a protocol error that occurred between a UE and MME of an LTE/ EPC network over its air interface. In an LTE/EPS network, the air interface NAS layer Evolved Packet System Mobility Management (EMM) STATUS or Evolved Packet System Session Management (ESM) STATUS message is used to notify the occurrence of a protocol error for the LTE/EPS mobility management and session management signaling procedure that is performed between a UE and the MME. The ESM STATUS or EMM STATUS message can be used by both the UE and the MME to report a protocol error to each other. Similar protocol errors are reported by the 5G MM and SM layers also using the 5GMM STATUS and 5GSM STATUS messages, TS 24.501 [47]. A protocol error scenario between a UE and the MME of an LTE/EPC network is illustrated in Figure 10.3. In this illustration, the protocol error is notified by the UE using the ESM STATUS or EMM STATUS message. Figure 10.3  Illustration: LTE/EPS protocol error reporting using ESM or EMM STATUS message.

UE

EPC MME EMM, ESM Message: X EMM STATUS or ESM STATUS [Cause] Generate Alarm: Z

141

142

Mobile Communications Systems Development

As illustrated in Figure 10.3, the ESM/EMM STATUS messages contain the EMM or ESM cause to report the reason for the protocol error detected by the UE. Examples of EMM causes are semantically incorrect messages and invalid mandatory information. Examples of ESM causes are Invalid EPS bearer identity, Invalid PTI value, and so on. On receiving the ESM STATUS or EMM STATUS message, the MME may generate an alarm to the O&M operator to notify the occurrence of the protocol error. For all the possible ESM and EMM protocol error causes, refer to TS 24.301 [46].

10.5.1  Sample Protocol Error Alarm Description In the previous section, the typical protocol error reporting mechanisms for the GSM/GPRS, LTE/EPS, and 5G networks were described and illustrated. This section describes a protocol error alarm generated by the MS; BSC, UE, or MME; or 5G core AMF/SMF due to their corresponding STATUS message. Various alarms descriptions in detail may be found in an alarm manual of a network or network element. Such an alarm manual becomes helpful during the troubleshooting of an issue that is reported from the field. ●●

For GSM Air Interface Protocol Error Description, refer to Figure 10.2

Alarm ID: 12345 Alarm Name: GSM RR STATUS ALARM Alarm Description: MS or BSC generates this alarm on detecting the GSM RR layer error. Alarm Type: Major Parameters: MS-TEMP-ID RR_CAUSE Instructions: ................................................................ Default Action: .............................................................. ●●

5G System NAS Layer Protocol Error Description

Alarm ID: 12345 Alarm Name: 5GS 5GMM_5GSM STATUS ALARM Alarm Description: UE or AMF/SMF generates this alarm on detecting an 5G system NAS layer protocol error Alarm Type: Major Parameters: Protocol-Discriminator 5GMM_5GSM_CAUSE Instructions: ................................................................ Default Action: .............................................................. As illustrated above, a generic alarm may be designed and used to report either an LTE ESM or EMM layer or 5GSM or 5GMM NAS layer-related protocol error, though the message formats of ESM STATUS/EMM STATUS or 5G SM/5GMM STATUS are different. The protocol discriminator, e.g. ESM (0x2) or EMM(x7), may be included as the alarm data to identify the type of the alarm, i.e. ESM/EMM STATUS or 5GMM/SM STATUS.

10.6 ­Alarm Due to Abnormal Conditions In this section, alarm generations due to abnormal conditions with respect to the GPRS tunnelling protocol (GTP) shall be described and illustrated. The GTP is used in a couple of logical interfaces in GPRS, Universal Mobile Telecommunications System (UMTS), LTE/EPS and 5G core network. ●●

Alarm Generation due to GTP Path Management Failure

Alarms and Faults Managements

Consider the GTP that is used to tunnel user data in an IP-based mobile communications system such as the GPRS, LTE/EPS, or 5G system. The GTP has the control as well as the user plane protocols for transferring control information and user data, respectively, between two network elements. One common function performed by GTP control and user plane protocol is the GTP path management between two GTP entities. For more details on the GTP, refer to TS 29.060 [67], TS 29.274 [70], and TS 29.281 [72]. A GTP path is a GTP tunnel endpoint which consists of an IP address and a User Datagram Protocol (UDP). A GTP endpoint is identified by a tunnel identifier (TEID). Subsequent Sections 10.6.1 and 10.6.2 illustrate the usages of the GTPv1-U plane over the LTE/EPS S1-user plane interface, for tunneling of user data, between the E-UTRAN/eNodeB and the S-GW of LTE/EPC for normal and abnormal scenarios. There are protocol entities or software processes that implement the GTPv1-U in the eNodeB and S-GW. As mentioned above, one of the tasks performed by the GTPv1-U is the path management between the eNodeB and the S-GW. It is similar to the Keep-Alive procedure that is used in the case of the TCP layer of an IP network. The GTPv1-U path management procedure consists of the exchange of the Echo Request and Response messages between the eNodeB and S-GW. For the message format and its contents, refer to TS 29.274 [70] and TS 29.281 [72]. Note that the GTP path management procedure is performed separately and independently by each GTP entity of the network element.

10.6.1  Normal Scenario Figure 10.4 illustrates the normal scenario where an Echo Request and Response messages are exchanged, indicating a GTP user plane tunnel is UP and running, between the LTE eNodeB and the S-GW. As shown in Figure 10.4, the GTPv1-U entity/process at the eNodeB end sent the Echo Request message to the peer entity at the S-GW end and incremented the echo request counter by one. The GTPv1-U entity at the S-GW replied an Echo Response message to the peer at the eNodeB end, which completes the successful testing of the GTP tunnel/path between them.

10.6.2  Abnormal Scenario Figure 10.5 illustrates an abnormal scenario where there is no Echo Response message, for an Echo Request sent, from the GTPv1-user plane entity at the SGW end to the LTE eNodeB. The process is repeated at the expiry of the GTP echo request start timer with the increment of the echo request counter. As the echo request counter has exceeded the threshold configured by the O&M operator, the process is stopped; the GTPv1-U entity at the eNodeB end marked the tunnel or path as unavailable and raised the

Figure 10.4  Illustration: normal GTP user plane echo request and response.

eNodeB GTP Process/ entity

S-GW GTP Tunnel or Path Start Timer Echo Request [TEID...] Set Echo Request Counter =1

Stop Timer

Echo Response [TEID…]

Reset Echo Request Counter

GTP Process/ entity

143

144

Mobile Communications Systems Development eNodeB

GTP Tunnel or Path

Start Timer GTP Process/ entity

S-GW

Echo Request [TEID..]

Set Echo Request Counter =1+…..

Figure 10.5  Illustration: An abnormal scenario in LTE/EPS: GTP alarm generation.

GTP Process/ entity

Timer Expired i.e. No Echo Response from the Peer GTP entity. Increment the Echo Request Counter by 1. If Echo Request Counter < Threshold resend the Echo Request. Else Echo Request Counter > Threshold, Stop the echo request; mark the GTP tunnel as not available; raise alarm.

corresponding alarm as illustrated in this Figure 10.5. As a result of the GTP tunnel or path failure along with the generation of the corresponding alarm, the associated bearer context may be deleted after a certain interval. The duration of the timer and echo request counter shown in the above illustrations are maintained by the sending GTP entity. They are configurable by the O&M operator. A similar alarm may be also generated due to the IP endpoint (IP address and UDP Port) test failure in case of the GPRS Gb interface, on top of the IP transport network, between a BSC and the SGSN.

10.6.3  Sample Alarm Description The typical components of an alarm were described earlier in Section 10.4.1. Generation of an alarm because of the GTP user plane path failure between the eNodeB and the S-GW was illustrated in Figure 10.5. The generic description of the alarm illustrated in Figure 10.5 may be provided as follows: Alarm ID: 12345 Alarm Name: GTP U-PLANE PATH TEST FAILED Alarm Description: Generate this alarm on detecting the GTP user plane path test failure between eNodeB and S-GW. Alarm Type: Critical Parameters: Tunnel-ID IP_Address UDP_Port 123 123 Instructions: Check the IP connectivity between eNodeB and S-GW Check that the GTP entities are UP and running Default Action: Clear the Bearer Contexts after a configurable delay. As Illustrated above, the GTP user plane path test failed alarm may be designed to contain the Tunnel identifier, IP address, and UDP Port of the remote GTP entity as the mandatory data. These alarm data are part of the Echo Request and Response message that is exchanged between the eNodeB and S-GW or the concerned GTP entities. The alarm may also contain the optional data, for example, shown as 123 123, in the above illustration.

Alarms and Faults Managements

10.6.4  Sample Alarm Generation The GTP user plane path test failed alarm described in Section 10.6.2 that may be generated on the O&M operator console may appear as illustrated below: Alarm:12345 GTP U-PLANE PATH TEST FAILED DD-MM-YYYYHH:MM:SS Parameters: 6789 123.123.123.123 123 As illustrated above, the Alarm ID is 12 345; Tunnel ID is 6789, IP Address: 123.123.123.123; UDP Port: 123. The optional data of the alarm are not shown in the above illustration. Based on the information available in the generated alarm, its root cause analysis is carried out to isolate the source, i.e. sender, receiver, or IP transport network, of the issue. Further debugging may be carried out by a developer to rule out any software-related issue behind the generated alarm.

10.6.5  Sample Protocol Error Alarm Generation ●●

Alarm generated due to the GSM air interface RR layer STATUS message

Refer to Figure 10.2 for a protocol error alarm generated due to the GSM RR STATUS message from the MS to the BSC. A protocol error alarm generated due to the GSM RR STATUS message may appear on the O&M operator console as follows: Alarm: 12345 RR STATUS ALARM DD-MM-YYYY HH:MM:SS Parameters: 0x12345678 0x60 In the alarm illustrated above, the MS identity could be the TMSI; the RR cause of the alarm is “Invalid mandatory information” that is included in the RR STATUS message. Refer to the 3GPP TS 44.018 [130] for all the possible RR causes related to the RR layer protocol error. ●●

Alarm generated due to the LTE/EPS NAS layer ESM/EMM STATUS message

A protocol error alarm may be generated either by the UE or MME because of an ESM or EMM layer STATUS message sent/received by them over the air interface as illustrated earlier in Figure 10.3. Refer to the 3GPP TS 24.301 [46] for the definition of the LTE/EPS NAS layer EMM STATUS or ESM STATUS message. A sample LTE protocol error alarm as a result of the ESM STATUS message is illustrated below: Alarm: 12345 ESM/EMM PROTOCOL ERROR DD-MM-YYYY HH:MM:SS Parameters: 0x2b In this alarm, the protocol error cause is illustrated to be the Invalid EPS bearer identity (0x2b). ●●

Alarm generated due to the 5G NAS layer 5GSM/5GMM STATUS message

Similarly, the generation of a typical protocol error alarm by the 5GMM or 5GSM layer is illustrated below due to the same error or 5G MM/SM status code: 0x2b (Invalid mandatory information). Refer to TS 24.501 [47] for all the probable 5GMM/5GSM cause codes. The first parameter in the alarm indicates the extended protocol discriminator, which is 0x7E for the 5GMM layer and 0x2E for the 5GSM layer. Alarm: 12345 5GSM/5GMM PROTOCOL ERROR DD-MM-YYYY HH:MM:SS Parameters: 0x7E 0x2b Alarm: 12345 5GSM/5GMM PROTOCOL ERROR DD-MM-YYYY HH:MM:SS Parameters: 0x2E 0x2b

145

146

Mobile Communications Systems Development

10.7 ­How to Troubleshoot Protocol Error Using the Alarm Data Supplementary information included as part of an alarm data becomes very useful while debugging the root cause of the failure of a particular abnormal event, either due to a protocol error or expiry of a signaling procedure timer. Let us consider the debugging of the protocol error issues in a 5G and LTE/EPS network from alarm data. ●●

LTE/EPS or 5G Network Protocol Error Issue

Consider the protocol error alarm generated due to the 5G NAS layer 5GMM/5GSM STATUS message described in Section 10.6.5. The second alarm data 0x2b is the cause of the protocol error which is the Invalid mandatory information; refer to Table: 9.11.3.2.1/Table: 9.11.4.2.1 in TS 24.501 [47]. Thus, the O&M operator or the RAN developer would conclude that the source of the protocol error alarm issue was the UE itself indeed because the 5G Next-Generation Radio Access Network (NG-RAN) transparently forwards UE NAS signaling messages to the 5G core AMF/SMF without processing it. Further debugging of protocol error issue may be continued by the handset research and development, followed by the RF team, if required, for any possibility of corruption of data over the LTE or 5G NR air interface.

­Chapter Summary This chapter presented the alarm mechanism which is used to report the occurrences of a runtime abnormal or informative event to the O&M person of a mobile communications network. An alarm management system was covered which is common among the network elements of mobile communications systems and is one of the important components and functions performed by a network element. An alarm management system is an integral part of a network element that provides interfaces for generation and notification on the occurrences of abnormal events to the O&M operator of a mobile communications network. Alarms generated by an alarm management system of a network element help in identifying and rectifying issues promptly on the probable causes of abnormal events, protocol errors, or other local errors. In this chapter, we covered the various sources of abnormal events, in general. Identification of abnormal events and protocol errors from a 3GPP TS that may be used to design and implement an alarm was described. The typical description of an alarm and its generation for protocol errors and abnormal events observed over the LTE, 5G NR, and GSM air interfaces and GPRS Gb interface were illustrated. In fact, every logical interface of mobile communications networks may specify its protocol error or abnormal error handling mechanism as described by the concerned 3GPP TS, which varies from protocol to protocol. The reader may further refer to the 3GPP TS of the interested logical interface and its error handling mechanism employed over it. We closed this chapter with the typical steps that may be used in finding the probable cause of an abnormal event or protocol error through available alarms and their data.

147

11 Performance Measurements and Optimizations of Mobile Communications Networks ­Introduction The network elements of mobile communications systems and networks perform various functions and ­procedures to provide communications services to users. As described in the previous chapter, various kinds of abnormal errors and events may occur during the runtime of a mobile communications network. Because of such abnormal errors and events, a signaling procedure between a Mobile Equipment (ME)/User Equipment (UE) and the ­network may end unsuccessfully, which would further block the registration of a mobile device and its user with the network. For a network operator, such failures are not acceptable from the network services quality and its performance point of view. For performance measurement purposes, mobile communications systems and ­networks must have the capability to report the success or failure rate of different signaling procedures and functions ­performed by its network elements or the usages of the service by its users. This chapter begins with the concept of a counter, which is a scalar quantity that keeps track of the number of completion of particular signaling or user traffic event, either a success or failure, in a particular location or cell of a mobile communication network. In this chapter, we also cover the method of measuring the performances and optimizations of a mobile communications network against each signaling function and procedure performed or on the various resource allocations by its network elements. A particular performance is measured through a metric. Such a performance-related metric is known as the Key Performance Indicator (KPI). A counter is used as the basic fundamental quantity in conjunction with a KPI. From a KPI value, the performance of a network element with respect to the concerned function, procedure, or services can be evaluated for its further improvements.

11.1 ­Counters for Performance Measurements and Optimizations A counter is, generally, an identifier that can be used to record and maintain the information in a cumulative manner about the occurrences and completion, either successful or failure, of a function and procedure performed by the respective network element of mobile communications systems. Typical functions and procedures of network elements that can be tracked through their respective counters are as follows: ●●

Successful or unsuccessful – initial or periodic network location registration (e.g. Global System for Mobile Communication [GSM] location area, General Packet Radio Service [GPRS] routing area and Long-Term Evolution [LTE]/Evolved Packet System [EPS] tracking area update request, and 5G registration area update) signaling procedures;

Mobile Communications Systems Development: A Practical Introduction to System Understanding, Implementation, and Deployment, First Edition. Rajib Taid. © 2021 John Wiley & Sons Ltd. Published 2021 by John Wiley & Sons Ltd.

148

Mobile Communications Systems Development ●●

●●

●● ●●

Successful or unsuccessful resources allocation (e.g. GSM timeslots, LTE/EPS resource block, modulation ­coding schemes) procedures; Successful or unsuccessful initial network registration (e.g. GPRS ATTACH, and LTE/EPS ATTACH request, and 5G registration request) signaling procedures; Successful or unsuccessful handover attempts; and The volume of data traffic per cell and so on.

A counter is generally an unsigned integer identifier that holds the cumulative information, at a particular ­ etwork element or a physical object/resource level, of a particular signaling function, procedure, or circuitn switched (CS)/packet-switched (PS) traffic volume at an equal interval, say at one-hour or two-hour interval, of a time of day. Beyond the particular interval, a counter data may be archived for a particular day and time; reset it and start updating it again at the start of the next interval. Such capability allows an operator to examine the hourly network performance for a particular function and procedure. Example 11.1 illustrates the usage of counters for a GSM CS voice call scenario. Example 11.1  Counters to Store GSM Circuit-Switched Voice Call Processing Events In a mobile communications network, there is a concept called “call processing”. This refers to the various stages or phases that a network element, say a base station controller (BSC), becomes engaged to provide an end-to-end service right from the establishment to the successful completion of the call. Different phases of a typical GSM call processing scenario are shown in Figure 11.1 below. As shown in the Figure 11.1, a GSM mobile-originated call processing scenario contains several phases: radio resource connection with the BSC, call setup with the mobile switching center (MSC), a voice conversation between the users, call release, and finally the releasing of the radio resource connection with the BSC. Each phase consists of exchanging signaling messages of different protocol layers between the concerned network elements. As an example, Figure 2.8 in Section 2.2.5 shows the typical GSM radio resource (RR), mobility management (MM), and call control (CC) layer signaling messages exchanged among the MS, BSC, and the MSC for a GSM mobile-originated voice call (MOC). In each of the call processing phases shown in Figure 11.1, various tasks related to the RR layer are performed by a BSC such as the mobile admission control, selection, and allocation of a signaling and radio resources to the MS, channel activation, and so on. The result of the various tasks performed by a network element in a particular phase could be either successful or failure. For example, a BSC mail fails to allocate a traffic channel (TCH) during the radio resource allocation phase. A network element maintains and updates the respective counters for all such important and critical tasks performed by it that are associated with the RR Connection Establishment

e.g. Channel Request, Immediate Assignment

Call Setup

e.g. Call Setup, Call Proceeding

Voice Conversation

…………… ……………..

Call Release

e.g. Disconnect, Release

RR Connection Release

Figure 11.1  GSM CS voice call processing phases.

e.g. Channel Release

Performance Measurements and Optimizations of Mobile Communications Networks

signaling as well as user TCHs. Those counters are updated at the predefined points of a particular call ­processing or signaling procedure phase as decided by the system designer from the performance and ­optimization requirement point of view.

11.2 ­Performance and Optimizations Management System A typical centralized alarm management system of a network element was presented in Chapter 10. Similarly, a centralized performance and optimizations management system (POMS) may be also required to be designed and implemented for a particular network element of a mobile communications network. One such POMS is ­illustrated in Figure 11.2. As illustrated in Figure 11.2, a POMS maintains the counters for protocol layers and their corresponding logical objects of a network element. A logical object may represent particular physical hardware such as a base transceiver station (BTS). Apart from this, a POMS maintains the counters for various signaling functions and procedures performed by different protocol layers of a network element. The Operation and Maintenance (O&M) operator configure all the counters into the POMS. Counters are updated by the concerned protocol layers per physical or logical object. Examples 11.2 to 11.4 illustrate the design and usage of typical counters for some of the scenarios/procedures of the GSM, LTE, and 5G systems.

Counter Definitions Protocol Layer 1 Logical Object 1 Update_Counter()

Protocol Layer 2 Logical Object 2 Update_Counter()

O&M operator/ Admin Configure Counter

Protocol Layer N Logical Object N Update_counter()

Performance and Optimizations Management System

Counter Database

Figure 11.2  Illustration: performances and optimizations management system for mobile communications network.

Example 11.2  Resources Allocation: GSM RR Layer Counters One of the important functions performed by the GSM RR layer is the allocation of a radio resource in terms of a timeslot to an MS from the available radio resources configured by the operator. The corresponding physical resources are the BTS and its transceivers (1: M) that transmits and receives on particular frequencies. A particular BSC serves several cells, and the RR layer may maintain separate counters for each BTS. Also, for each BTS, separate counters are maintained to record the result of the allocation of a timeslot, either a success or failure allocation. Typical counters for each BTS (XX) may be maintained by the POMS as follows: ●● ●●

BTS_XX_NUMBER_OF_SUCESSFULL_ALLOCTION BTS_XX_NUMBER_OF_ UNSUCESSFULL _ALLOCTION

149

150

Mobile Communications Systems Development

Example 11.3  Resources Allocation: LTE Air Interface Modulation and Coding Scheme Allocation Counters One of the factors that determine the rate of data transmission in an LTE system is the allocation and usages of the Modulation and Coding Scheme (MCS) over its air interface. Each MCS is identified by an index. An MCS has its corresponding transport block, carrying upper-layer information. The size, i.e. number of bits, of a transport block is determined from the number of physical resource blocks allocated to it. As described in the 3rd Generation Partnership Project (3GPP) TS 36.213 [91], there are 32 MCS indexes. Typical counters for each MCS index may be maintained by the POMS as follows: ●● ●● ●●

NUMBER_OF_ALLOCATION_OF_MCS_INDEX0 NUMBER_OF_ALLOCATION_OF_MCS_INDEX1 NUMBER_OF_ALLOCATION_OF_MCS_INDEX2

Example 11.4  5G NAS Layer Procedure: Registration Request Procedure Counters In a 5G network, a UE performs a Registration Request procedure during its initial registration with the 5G core network and also periodically to report its current location within a serving 5G core Access and Mobility Management Function (AMF) network function. An AMF may maintain the following typical counters for the successful, failed, and total Registration Requests (RA) received by it within its service area. ●● ●● ●●

NUMBER_OF_SUCCESSFUL_RA_REQUEST NUMBER_OF_FAILED_ RA _REQUEST NUMBER_OF_TOTAL_ RA _REQUEST

11.3 ­Key Performance Indicator (KPI) 11.3.1  What Is a KPI? A KPI tells about the performance of a network element as well as the entire mobile communications system being deployed by a network operator. A KPI is carefully designed from an agreed-upon mathematical formula(s) between the network operator and Original Equipment Manufacturer (OEM) system vendor. A KPI formula could be a simple to a complex one that is derived from an aggregated or various fundamental and individual counters as collected from the individual network elements. A KPI may also contain a network parameter(s). Those measurement counters are recorded by the concerned network element during a particular event or call processing (e.g. Figures  2.8 and  11.1) scenario over a period of time as described in the previous section. KPI results can be plotted through a graph using a spreadsheet application to provide glimpses of the performance and status of the entire network and its network elements. Examples 11.5 and 11.6 elucidate the usages of counters in designing a KPI and its associated formula for some of the protocol layer procedures of the LTE/EPS and GSM systems.

11.3.2  KPI Domains A mobile communications network element, for example, GSM BSC or Universal Mobile Telecommunication System (UMTS) RNC, may offer both the CS (voice) and PS (data) domain services in a cell. For CS and PS domains, the concerned network element shall maintain counters separately for both the types of services that enable an operator to evaluate the performances of its network through respective KPIs results.

Performance Measurements and Optimizations of Mobile Communications Networks

Example 11.5  LTE/EPS ATTACH Procedure: KPI and Measurement Counters Consider the measurement counters and KPI for an LTE/EPS network registration ATTACH procedure performed by UEs in a particular cell X. Typical individual counters and their KPI for the ATTACH procedure can be defined as follows: EPS_ATTACH_COUNTER_CellX  = Sum of all EPS Attach Request messages between, say, 0 : 00 hour to 01 : 00 hour. EPS_ATTACH_REJECT_COUNTER_CellX = Sum of all EPS Attach Reject messages between, say, 0 : 00 hour to 01 : 00 hour. EPS_ATTACH_FAILURE_KPI =  (EPS_ATTACH_REJECT_COUNTER_cellX /EPS _ATTACH_COUNTER_cellX)*100 EPS _ATTACH_SUCCESS_KPI = (1- EPS _ATTACH_FAILURE_KPI)*100 Individual counter or measurement can be collected at a predefined interval, say, 0.5 hour, 1 hour, and so on, and then put their values in the KPI formula as illustrated above. From the result, evaluate and assess the performance of the network element or the entire communications network. A KPI result is generally expressed in percentage (%) term. For example, mobile-originated call success rate KPI is, say 99.99%, handover success rate KPI is 90%, network uptime and availability is 99.999%, and so on. As with other systems, the network availability KPI may indicate the uptime or downtime of the entire network on per hour, per month basis.

Example 11.6  KPI for Mobile Originating (MO) GSM Call Flow The various call processing phases for a GSM MOC were described and illustrated in Figure 11.1. Consider again the GSM MOC flow illustrated in Figure 11.3 below from the signaling and voice traffic resource allocation point of view. The illustration in Figure 11.3 shows the GSM call processing stages consisting of the signaling as well as user voice call TCH allocations. Look at the Figure 11.3 using the top-down approach, which shows the voice call success measurement at the top. A successful voice call results from certain activities that are shown by the horizontal arrow lines in Figure 11.3. The various tasks performed by the BSC, BTS, and MS in this regard are as follows: ●● ●● ●●

Establishment of an RR connection over the Random Access Channel (RACH), which is initiated by the MS Establishment and allocation of dedicated signaling channel (SDCCH) and user TCH by BSC to the MS Call connection and ongoing voice traffic between the users

Voice Call Success Voice Call Setup Success Establishment Success

SDCCH Assignment Success

Establish RR Connection

Get SDCCH

Establish SDCCH Connection

TCH Assignment Success Get TCH

Establish TCH Connection

Normal Call Release Voice

Figure 11.3  Illustration: KPI various stages of a GSM call flow.

151

152

Mobile Communications Systems Development

Once an MS is granted to access the GSM network through the IMMEDIATE ASSIGNMENT message sent on the AGCH, refer to Figure 2.8, all the subsequent signaling messages related to a GSM voice call setup attempt are transported over the SDCCH only between the MS and the BTS. During a GSM voice call setup phase, a call may be released abnormally as a result of the SDCCH drop due to any reason prior to the allocation of a TCH. Similarly, an MS may not be able to establish a GSM voice call because of SDCCH blocking in a particular cell. SMSs are also transported over the SDCCH. The SDCCHs must be configured correctly by the operator. The GSM SDDCH drop rate KPI, in percentage, in a particular cell can be defined as follows: SDDCH DROP RATE = (Total Number of SDCCH drop/Total Number of successful Voice call established on SDDCH)*100 In all of these call processing steps, the respective network element, e.g. MS or BSC, records and updates its counters. These counters are used for KPI calculation in terms of % rate, either success or failure, of various call processing tasks of a GSM mobile-originated voice call, for example, SDCCH signaling allocation rate, successful TCH allocation rate, and voice call setup rate. In general, a call, either a voice or data, processing, or signaling procedure scenario involves the exchanging of the control or signaling plane messages among the network elements of a mobile communications network.

11.3.3  KPI for Signaling or Control Plane In a mobile communications network, a successful establishment and completion of a signaling procedure is the prerequisite for a mobile device to use various communications services in the CS and PS domains. Some of the typical KPIs associated with the GSM, GPRS, UMTS, LTE/EPS, and 5G system air interface Layer 3/NAS layer signaling or control plane protocol layers are mentioned below: ●●

●●

●●

●●

●●

●●

GSM air interface Layer 3 signaling procedures –– Paging success rate; –– Signaling SDCCH drop rate, e.g. user would not be able to communicate as the call establishments will fail; –– Abnormal traffic channel TCH drop rate, e.g. user’s active call will be dropped abnormally; and –– Expiry of important network timers, counters that would lead to the completion of a signaling procedure unsuccessfully, and so on. GPRS/UMTS PS domain: Air interface Layer 3 signaling procedures –– Network registration, i.e. ATTACH, success, and failure rate; –– Session establishments, i.e. Packet Data Protocol (PDP) context activation success and failure rate and so on. UMTS and LTE air interface Layer 3 signaling procedures –– RRC connection setup success rate, blocking rate, and so on. UMTS and LTE radio access bearer signaling procedures –– Radio access bearer successful establishment rate; –– Radio access bearer abnormal failure rate and so on. LTE/EPS air interface Layer 3 signaling procedures –– EPS ATTACH success rate; –– EPS ATTACH failure rate; and –– Tracking area update success rate and so on. 5G system –– Registration procedure success and failure rate; –– Protocol data unit (PDU) session establishments success rate; control plane latency, and

Performance Measurements and Optimizations of Mobile Communications Networks Key Performance Indicator

Control Plane (CS, PS) Layer N ....... Layer 3

Use Plane (CS, PS)

5G Features, Network Architecture,

Throughput

CUPS, NR-U, ...

Latency

NFV, Net. Slicing,

Deployment Scenarios

DSS, MIMO, NPN, mmWave, ...

...

Others KPI

Layer 2 Layer 1

Figure 11.4  Illustration: KPI areas of a network element.

–– Resources allocation success or failure rates for different network slices, i.e. Enhanced Mobile Broadband (eMBB), Ultra Reliable and Low Latency Communications (URLLC), Massive Machine Type Communications (mMTC), other technical performance and so on. Figure  11.4 further illustrates a general overview of the different areas/domains where KPIs are designed, maintained, and updated by a network element. KPI areas /domains could be the control plane as well as the user plane protocol layers. In addition to these, there are other KPI areas such as reliability and energy efficiency, which are defined as the minimum technical performance requirements by the International Telecommunication Union—Radio communications sector (ITU-R) in their report ITU-R M.2410 in the case of the 5G system.

11.3.4  KPI for User or Data Plane Similar to the control or signaling plane, there are also KPIs for the user plane protocols of a mobile communications network, see Figure: 11.4. Typical areas where user plane protocol KPIs are applied are as follows: ●● ●● ●●

Application latency Traffic volume, application or data throughput Different deployment scenarios such as the indoor hotspot, dense urban, rural, urban macro, user plane latency, and so on, in the case of the 5G system, refer to TR 38.913 [27].

Information about the application throughput may be maintained at the cell level. The collective throughput of all the cells shall provide the throughput for the entire network. User or application data passes through the user plane protocol stack. The user plane protocol stack information passes through some of the control plane protocol layers, e.g. radio link control (RLC) layer, which may affect the overall application throughput. As illustrated in Figure 11.4, a network element may provide KPIs for each of its protocol layer against the different functions and procedures performed by it. The values of those KPIs are derived based on the different individual counters and network parameters maintained by the respective protocol layer. Apart from the system-specific signaling KPIs mentioned in the preceding text, there are also KPIs in some of the common signaling areas such as the handover and paging procedures, whose success or failure rates determine the seamless mobility (either intra or inter system) experience of a mobile user. For more examples on typical KPIs, refer to 3GPP TS 32.410 [81], TS 32.450 [82], TS 32.455 [84], and TR 38.913 [27]. Example 11.7 elucidates the usage of counters as part of the root cause analysis to find the reason for a complaint of poor data services reported by a mobile user from a particular cell.

153

154

Mobile Communications Systems Development

Example 11.7  LTE Air Interface Layer 2: RLC Layer and User Application Throughput Counters Consider that a user complained about the slowness of a data session. Let us start troubleshooting the issue from the LTE air interface point of view. As far as the LTE air interface protocol stack is concerned, the user plane protocol layer data, carrying the user traffic, is transmitted by the control plane protocol layers, mainly the RLC, medium access control (MAC), and the physical layer. Similar to the GPRS, UMTS, or 5G system, the LTE air interface Layer 2 RLC layer plays an important role in delivering the expected throughput to an application. Note that the actual throughput delivered to a user application is less than the throughput of the RLC layer as the user data passes through the RLC layer up the protocol stack. The throughput of the RLC depends on the quality of the radio air interface at present due to which the RLC layer may apply the corrective measures, if required, to deliver error-free user traffic to a receiver. To rule out the RLC layer as one of the probable causes of the low data throughput as experienced by the user and its application, the functions performed by the RLC layer is required to be considered. In the acknowledged mode of transmission, the sending LTE RLC layer retransmits the user data in case the receiving RLC layer responds with the negative Acknowledge Mode (ACK) for some of the PDUs carrying user data. During the retransmission of user data, the RLC PDU may be again resegmented. The LTE RLC layer also performs the user data discard functions. All these functions performed by the LTE RLC layer result as the overheads in terms of the additional functions performed by it, which affect the throughput delivered to a user application. Typical measurement counters as shown below may be designed and implemented at the RLC layer so that the occurrences of such overheads and excessive retransmissions may be recorded, which further helps in finding the root may cause of the low throughput issue. ●● ●● ●● ●●

RLC_ACK_RETRANSMISSIONS_COUNT RLC_SDU_DISCARD_COUNT RLC_ACK_RE-SEGMENT_COUNT RLC_ ACK_POLLRETRANSMIT_TIMER_EXPIRED

In an ideal air interface condition, the value of the above RLC layer counters is typically very low. However, an abnormally high value of such counters may indicate a poor radio air interface condition, which could be also the reason for the low user data throughput.

11.3.5  KPI Categories Regardless of the type of services, that is voice or data, and protocol layer, that is control or data plane, the KPIs provided by a mobile communications network can be divided into different categories. Some of the KPIs are common in general, whereas other KPIs are system specific. For LTE-specific KPI categories, refer to TS 32.451 [83]. For 5G system-specific KPI categories, refer to TR 38.913 [27]. Some of the common KPI categories are mentioned below: ●●

Accessibility

This KPI category provides how many times (successful resources granted versus the number of attempts/ requested) a mobile device was granted resources i.e. channels, either traffic or signaling while trying to access the network over a given period. Accessibility KPI = (Successful allocation/Number of allocation requests)*100% ●●

Retain ability

This KPI category provides how long the mobile user was able to continue using the services/call without an abnormal drop/disconnection. For example, if a user is not able to make a GSM call, there may be a high rate of SDDCH drop in the concerned cell.

Performance Measurements and Optimizations of Mobile Communications Networks ●●

Integrity

This KPI category provides the throughput, say in Kbits/second, being allocated to the mobile user. An erroneous communication link may not deliver the expected throughput to the mobile user. ●●

Availability

This KPI category provides how long the communications service was available in a particular cell for a given period of time. ●●

Mobility

This KPI category provides about the success rate of various mobility management signaling procedures, CS domain or PS domain, which were attempted by a mobile device. For example, the success rate of call handover within a GSM system or between GSM and UMTS systems. Call handover types could be GSM intra BSC, inter BSC, intra/inter MSC; LTE, S1 handover, X2 handover, 5G system N2 handover, Xn handover, and so on, and inter-RAT/inter-system handover. Apart from the above categories and also categories as defined in the concerned 3GPP TS, a network operator may also design and use operator-specific customized performance benchmarking (%) KPIs, which are agreed by the OEM or system vendor. Note that different KPIs and their formulas that are designed and used across the network elements of an OEM and operator may not be standardized by the 3GPP.

11.3.6  KPI Evaluation Steps In a mobile communications network, KPIs data may be evaluated periodically by its network operator to assess the performance of different elements, as well as the entire network, as part of its ongoing performance management and optimizations processes. If a particular KPI category and its value drop below a threshold limit, it would affect the service-level agreement (SLA) between the OEM and its network operator. Further, a low KPI would affect the quality of network services from the end user/subscriber point of view. Thus, to maintain the desired SLA level, it is essential to evaluate the KPIs of different categories as part of the ongoing performance management and optimization processes of the mobile communication network. Figure  11.5 illustrates a typical KPI evaluation steps to be performed to meet the SLA in a mobile communication network.

Counters/ Measurement Statistics. Cell #1 ……… ……… Counters / Measurement Statistics. Cell #N

KPIs for a Service Area POMS

Post Processing and Analysis Recommendations Parameter Tuning Software Fix and So On ……………………

Logs/Information Collection

SLA

Figure 11.5  Illustration: KPI evaluation steps of a typical network element.

155

156

Mobile Communications Systems Development

100%

Ideal KPI > 99%, Within SLA

KPI < 60%, Which is Below SLA

50% Mobile Originating Voice Call 0% DD.MM.YYYY

DD.MM.YYYY

DD.MM.YYYY

DD.MM.YYYY

DD.MM.YYYY

DD.MM.YYYY

DD.MM.YYYY

Figure 11.6  Illustration: ideal and poor SLA and KPI for GSM MOC voice call.

A mobile communication network provides services in terms of a service area, e.g. GSM service area, LTE/EPS service, 5G service area, and so on. A service area consists of several serving cells, Cell 1. . .Cell n, and they are under the control of a particular radio access network element or core network element, as shown in Figure 11.5. Measurement counters of different categories, as mentioned above, for a particular type of service are maintained on a per cell basis by the performance management and optimization (POMS) module of the network element. The raw counters and their data may be extracted from the POMS for their postprocessing and analysis using the respective KPI formula. Relevant information/logs too may be collected from the field network in case a KPI value is found to below. The analysis of the different measurements and their counters shall provide information about the network performance in a particular cell, that is, either a problematic cell or meeting the desired SLA level. Further analysis of the measurement counters of all the cells and then putting it into the respective formulas shall provide the KPI results of different signaling procedures and categories for the entire network. From the KPI results and relevant information collected, necessary improvements and corrective measures may be taken step by step, which could be either a software fix or a fine-tuning of system parameters, etc. as described in the next section. As an example, Figure 11.6 illustrates the KPI for a successful mobile originating GSM voice call (MOC) scenario between two particular dates (DD.MM.YYYY). Assume that the agreed SLA between the network operator and the OEM for the successful MOC case is 99% and greater. The first half (left-hand side) of Figure 11.6 illustrates the ideal KPI that is within the SLA windows, whereas the second half (right-hand side) of the figure shows an abnormal KPI where the SLA has been breached as the corresponding KPI is below the 99%.

11.3.7  Troubleshooting and Improving KPI There are close relationships between the quality of communications services as perceived by users and the ­associated KPI result. A KPI result indicates the issue only and nothing about its root causes. Thus, identification and fixing of the technical root cause will improve both the quality of communications services and their ­associated KPI results. But the fixing of the root cause of a KPI-related issue that is complained about by a user may be a challenging one. In this case, the various factors, which may be either local or sometimes end-to-end nature, related to the KPI issue are required to be identified and isolated one by one. Past experience on the resolution of a KPI issue also matters here. To find and isolate the actual root cause, the relevant information is required to be collected and analyzed from the concerned network elements. Some of the typical causes of KPI issues are mentioned below: ●● ●● ●●

Environmental factors (e.g. poor radio link/air interface, Interference, obstacles . . .) Important network parameters that might affect signaling procedures Incorrect network dimensioning and its fine-tuning, network coverages issues

Performance Measurements and Optimizations of Mobile Communications Networks ●●

●● ●● ●● ●● ●● ●●

Signaling issues, important network functions, such as handover, and features such as fallback to CS domain issues Software bugs Hardware faults and physical interface issues Timing synchronization issues MS/UE faults User behavior Beamforming and coverage issues, in the case of the 5G NR system Above typical field issues and their troubleshooting steps are covered in the next chapter.

11.3.8  Components of a KPI Definition Similar to the designing and definition requirement of an alarm of a network element as described in Chapter 10, a KPI has several components/attributes that may be included as part of its design and definition. To define all such attributes, a KPI description format is used that may contain the following information: ●● ●● ●● ●● ●●

KPI name – an appropriate title for the current KPI KPI description – describes the purposes of the KPI KPI logical formula – formula consisting of measurement counters from the POMS and other subformulas KPI category, e.g. accessibility, and retainability KPI unit, i.e. %, time interval (seconds), Kbits/sec

For further details on the above KPI attributes in the case of the GSM/UMTS system, refer to 3GPP TS 32.410 [81].

­Chapter Summary This chapter presented the KPI method of performance measurements and optimizations of mobile communications networks in a quantified manner for various communication services in CS and PS domains. As far as a mobile communication network and its services quality aspects are concerned, the performance measurements and optimizations through KPI is important for attracting new and retaining its existing subscribers. KPIs are also one of the keys benchmarking and differentiating factors among the competing network operators in terms of their network performances and quality of services offered to subscribers. We presented the counter concept, which is a method used by a network element to record the result of a particular event or call processing step, signaling procedure, allocation of resources, and so on that may complete either success or failure. Counters are also used to record the volume of traffic per user, per cell, and so on. Then, we presented several illustrative typical KPI formulas that are derived from individual counters. A KPI formula can be a very basic one to a complex one and is carefully designed in an agreement between an operator and its OEM of different network elements. For more KPIs formulas for different mobile communications systems, the reader may further refer to the 3GPP TS mentioned in the different sections of this chapter.

157

159

12 Troubleshooting of Mobile Communications Networks Issues ­Introduction In a mobile communications network, day-to-day issues are inevitable, which could be related to the entire ­network or a service area; operation and maintenances; services issues to the subscriber(s); and so on. This chapter covers the sources of some of the typical issues that may be observed in day-to-day operations of a mobile communications network. A mobile communications network operated by a particular operator consists of various network elements that are interworked together through different logical interfaces, as described earlier in Chapter 6. Also, seamless communications services to roaming users are provided through the interoperations of mobile communications networks of different operators, as described earlier in Chapter 6. Day-to-day issues from simple to complex nature also appear due to the interoperations of mobile communications networks run by different network operators. We begin with the typical air interface-related issues and methods used to troubleshoot the same. It is followed by the Internet Protocol (IP) transport network-related issues among different network elements and methods used to troubleshooting them. We then present the typical issues that may arise due to the conformance testing, interoperability testing, and various interworking features/methods which may be deployed in a network. Finally, the typical approach to be used for debugging and resolution of a given network issue is also described.

12.1 ­Air Interface-Related Issues The most troublesome part of mobile communications networks is the air interface used between an MS/UE and its radio access network (RAN). Here, the information transmitted by the, say, MS or RAN note is subjected to go under environmental disturbances, such as interference, varying weather conditions, and physical geography (city, atop a hill), leading to the corruption of bits of information. This is true regardless of the type of mobile technology, such as Global System for Mobile Communication (GSM), General Packet Radio Service (GPRS), Universal Mobile Telecommunication System (UMTS), Long-Term Evolution (LTE), or 5G network, being deployed. A network element may have been tested thoroughly, and the result may be found to be as expected. But that is at a lab condition, which is under a controlled environment where there are no external disturbances to the radio wave propagation between the sender and receiver, say, an MS and base transceiver station (BTS). To combat errors resulting from air interface issues, each mobile communication technology uses different error correction and recovery mechanisms to protect the user data transmitted by an MS or its RAN node. Other network elements, such as MS, base station controller (BSC), mobile switching center (MSC), and Serving GPRS

Mobile Communications Systems Development: A Practical Introduction to System Understanding, Implementation, and Deployment, First Edition. Rajib Taid. © 2021 John Wiley & Sons Ltd. Published 2021 by John Wiley & Sons Ltd.

160

Mobile Communications Systems Development

Support Node (SGSN), may also introduce errors. For example, an operator has a BSC from vendor X and an MSC or SGSN from another vendor, say Y. A problem may crop up when the operator tries to integrate both the BSC and MSC since they work on open 3rd Generation Partnership Project (3GPP) standards and it is up to the vendor regarding the compliance and implementation of their particular network element. One could expect any kind of field issues from a mobile communications network. Whenever a customer makes a complaint about an inability to avail a service successfully, the root cause of the same may not be clear at the first instance itself. In that case, one can use intuition as well as past experiences as the starting point to proceed further in resolving the issue. One may also have detailed plans to address and resolve customer issues. Nevertheless, one can perform the following basic steps to troubleshoot a field issue being reported to a developer or support team.

12.1.1  Drive Test, Data Collection, and Its Analysis A drive test is performed in a particular problematic cell/site and is used to troubleshoot issues arising out of air interface-related problems. Air interface issues may affect a single customer or multiple customers or other neighbor networks too. A drive test can be also used for an in-depth examination of the serving and surrounding radio frequency (RF) conditions as well as successful functionality testing such as circuit-switched (CS) call, packetswitched (PS) call, and so on during a new cell site commissioning phase. A drive test is performed before a cell/ site is released to serve actual customer traffic from the newly rolled out site. This method comprises these steps – perform the test, capture the values, analysis them, and then recommend and tune the appropriate value for corrective actions. For a drive test, there is a special kind of mobile equipment, fitted in a vehicle, that can be used in a particular cell either stationary or moving condition to simulate the actual mobile user’s behaviors. Also, the test mobile equipment or MS can be positioned nearer to the base station, a little bit far, or farther from the base station to simulate the end user’s behavior. This MS can scan and verify the current RF environment conditions, including interference, received and transmitted signal level, neighbor cells, and various system parameters being transmitted by the base station which are received by the MS. Attached to this special MS is the software that shows the various signaling messages being exchanged between the MS and base station or the core network. One can examine and decode the contents of each message and see for any erroneous value present, which is possibly causing the current problem. A cell can be located in a city, village, having obstacles in proper signal propagation, or atop a hill. Depending on the cell site, various system parameters need to be tuned accordingly. This is possible through drive test exercises, followed by a careful analysis of the recorded values and recommendations for the appropriate one. A drive test procedure is also used to perform network optimizations, which is an ongoing activity to utilize the network resources, including the air interface, optimally while offering the desired quality of services to the subscribers. This is because a communication network run by an operator may evolve over a period of time, requiring periodic monitoring and fine-tuning. A drive test can also be used to measure data throughput offered by, say for a GPRS or LTE or 5G PS service, a typical network and rectify the possible causes if the throughput is found to be low and not a satisfactory one. Commercial software and hardware tools are available in the market to perform drive tests, collect data, and troubleshoot air interface-related issues. Look for the online resources to know more about such tools. Several air interface-related issues that can be analyzed through the drive test method are explained later in Section 12.6.

12.2 ­Debugging Issues with IP-Based Logical Interface The LTE and 5G system are an all IP transport-based mobile communications system and network. That is, the network elements of an LTE and 5G network communicate with each other on top of the existing IP transport network. Methods for debugging of IP transport network-based mobile communications issues are described in the next sections.

Troubleshooting of Mobile Communications Networks Issues

12.2.1  IP Protocol Analyzer One can download and install freely available IP-based protocol analysis tool to experiment with and understand the various IP protocols even with your desktop. An IP packet analyzer tool may support protocol drawn from mobile communications (Voice over IP [VOIP], GSM, GPRS, UMTS, LTE, 5G system, and so on) or data communications protocols (Transmission Control Protocol [TCP], IP, File Transfer Protocol [FTP], Virtual Router Redundancy Protocol [VRRP], and so on). A developer or an IP network troubleshooter can capture IP packets from different logical interfaces that work on top of the IP transport. Then, later on, decode the captured packets using the concerned communication protocol/stack for various IP-based logical interfaces used across GPRS, LTE/Evolved Packet System (EPS), or 5G networks. Even the proprietary A-bis interface has nowadays become IP-based, called Packet over A-bis. Using an IP-based packet analyses tool, one can: ●●

●● ●● ●●

●●

Study the behavior and become familiar with protocol/stacks in-depth that may help you in resolving live network, data, or communication issues of different complexities; Study the behavior and troubleshoot the performance of an application; Print and export data in a customized format; Graphical reporting capabilities of various categories, giving a visual representing and pin-pointing the probable root cause, an issue, or behavior of the captured IP session; and Study the suspicious behavior user activity or protocol layer.

12.2.2  Network/Application Throughput Issue An end-to-end mobile communications service is provided through an interconnected network of network ­elements such as the MS/UE, RAN, and core in association with the external packet data network. The issues in such a ­network could be either in the basic network signaling or application throughput issue. Some examples of mobile communications network PS call signaling protocols that work on top of the IP transport network are as follows: ●● ●●

●● ●●

GPRS Gb interface. LTE S1, X2 interface (Stream Control Transmission Protocol [SCTP] [17] on top of IP); 5G NG, Xn interface (on top of IP). UMTS Gb/Iu PS interface. Gn/Gi interface.

Examples of user applications where one can experience slow performance-related issues are slow internet browsing, e-mail, and video/audio streaming. For the issues of these types, chances are that there are issues with the IP transport layer. To locate and find out the root cause of the current fault/issue, start with the bottom-up approach, i.e. isolate the application layer and start troubleshooting at the IP  transport layer first. Figure  12.1 shows an example of how an application layer uses the services of the IP transport layer.

12.2.3  Switch Port Mirroring A Port Mirroring is the feature that is supported by a switch, not by a hub. A mirrored port sees all the packets, without disturbing them, which are being sent/received through an actual switch port. A developer or Operation and Maintenance (O&M) operator will be required to configure a mirror port using the commands provided by a particular switch. Check the documentation of the concerned switch on how to configure a mirrored port. On the mirrored port, one can hook up the IP packet

Application Layer Transport Layer

Figure 12.1  Application and transport layer with respect to IP troubleshooting.

161

162

Mobile Communications Systems Development

LAN Switch 2

1

Host A

Host B

………

Mirrored Port #1

IP Port Snipping Tool

Figure 12.2  IP packets snipping through switch port mirroring.

snipper and then listen and capture the packets exchanged between two hosts. Packet snipping using port mirroring is useful to determine and isolate the root cause and origin of an issue that is arising out of the IP transport communications used between two hosts, especially from different vendors. Figure  12.2 illustrates a sample arrangement of packets snipping using the Wireshark tool through a port mirroring feature of a switch. A thorough packet-by-packet analysis of the IP packets captured using the port mirroring mechanism shown above may lead to the source and root cause of an issue, as follows: ●● ●● ●●

Client, i.e. application at MS/UE end, can be excluded from the issue The network is dropping frames, say at the air interface level, leading the server to retransmit frames Server, i.e. application at network end can be excluded from the issue

There is the probability of dropping frames, say at the air interface level, by the communications network itself. In this case, it will be required to be troubleshot by the RF team, say by using a drive test as described in Section 12.1.1. If the above factors do not reveal any clue to the current issue, do not be afraid to suspect the behavior of the underlying TCP or User Datagram Protocol (UDP)/IP stack itself! But before suspecting the TCP or UDP/IP stack behavior, one must be thorough with the analysis with all the supporting data. As a developer, the task is to do the root cause analysis (RCA) of the delay experienced in the application, e.g. browsing, e-mail, chat, and so on, as reported by the communications service user. Problems can crop up anywhere in the network sometimes, for example, because of a low quality and 3GPP noncompliant MS that behaves erratically, causing troubles either for the RAN or CN. One must have an issue resolution plan in place to find its solution. A developer requires to establish the fact that the concerned module or network element is not leading to the current issue at hand. To accomplish this, one may have to collect logs from multiple interfaces across the network. This is described in Section 12.3.

12.3 ­Conformance Testing Issues Protocol conformance testing is performed to verify the desired behavior and functionalities of a particular network element against the specified ones as mentioned in the 3GPP technical specifications, TS 34.12* series [88], TS 36.52* series [99], TS 51 series [137] for GSM/UMTS/LTE, and TS 38.50/52/53 [124] series for the 5G NR.

Troubleshooting of Mobile Communications Networks Issues

12.3.1  Example: Mobile Device (MS)/User Equipment (UE) Conformance Test Consider the mobile device (MS) or user equipment (UE), which is an intelligent device having multitasking capabilities to provide various communication services to a user through different protocols layers/stacks. An MS or UE communicates with the radio access as well as the core network to transmit and receive signaling and user data. The networks process the UE request initiated for a particular signaling procedure whose result or outcome will have different possibilities. The network processes information transmitted by the MS/UE and responds the result to the UE/MS accordingly as specified for the concerned procedure in its technical specification. The response, either success, failure, or any other, from the network for a particular procedure is dynamic in nature, and depending on it, the UE/MS requires to behave as mentioned in the concerned specification. That is the purpose of the UE/MS conformance testing. Failure to conform by a UE/MS shall result in an unexpected behavior due to which the user would not be able to use telecommunication services. Some of the typical scenarios and functional areas requiring protocol conformance testing for a UE/MS are listed below: ●●

●● ●● ●●

●●

●●

●● ●●

An MS that supports all the available radio access technologies, i.e. GSM, UMTS, and LTE system with different duplexing modes such as (Frequency Division Duplex [FDD] and Time Division Duplex [TDD]). An MS that supports LTE and 5G system with different duplexing modes such as (FDD and TDD). Intra-radio or inter-Radio Access Technology (inter-RAT) Handover. Functions and procedures, e.g. radio resource control, mobility management, call control, measurements, session management, conformances requirements for CS as well as PS domain as specified in concerned 3GPP technical specifications. Idle mode behavior of an MS/UE in case of pure LTE, UMTS, or GSM mode, or multimode or another environment. Protocol conformance requirements for various layers, e.g. Layer 1, Layer 2, and Layer 3, and their mode of working, i.e. acknowledge, unacknowledged, and transparent. Supplementary services and short message services conformances requirements. MS/UE radio transmission and reception conformances requirements.

12.3.2  Example: Location Area Update Request Consider the location area update (LAU) mobility management procedure performed by an MS in case of CS domain GSM system. Note that an LTE UE may also perform an LAU procedure as part of the combined tracking area update procedure toward LTE/Evolved Packet Core (EPC). The MS provides its identities, which is mandatory, in the Location Updating Request message sent to the core network. A mobile identity could be any one of the following ones: ●● ●● ●●

International Mobile Subscriber Identity (IMSI) Temporary Mobile Subscriber Identity (TMSI) International Mobile Equipment Identity (IMEI)

An LAU request initiated by the MS may be either accepted or rejected by the core network, and the result is conveyed to the MS through the Location Area Update Accept or Reject with an appropriate code. For further details on various response codes, refer to TS 24.008 [45]. Assume that the core network accepted the LAU request made by the MS as shown in the following Figure 12.3. As shown in Figure  12.3, there are three possibilities of response that the core network may reply in the LOCATION UPDATING ACCEPT message to the MS. In this case, the concerned MS is required to meet all such conformance requirements. The MS is required to function normally after the completion of a Location Updating

163

164

Mobile Communications Systems Development GSM Core Network

MS

Location Updating Request Location Updating Accept New TMSI or IMSI or Neither TMSI Reallocation Complete

Ack. in case of New TMSI Allocation

Figure 12.3  Illustration: GSM location area update procedure.

MS Conformance Requirements for LAU

-Network may reallocate a new TMSI to the MS as specified in the LOCATION UPDATING ACCEPT message. The MS shall acknowledge the reception of the new TMSI and requires to use it in the subsequent communications with the network. -Network may accept and send a LOCATION UPDATING ACCEPT message without the TMSI or IMSI. In this case, MS shall use the last allocated TMSI only in the subsequent communications with the network. -Network may accept and send a LOCATION UPDATING ACCEPT message with the IMSI of the MS. In this case the MS shall use the IMSI only in the subsequent communications with the network.

Figure 12.4  Illustration: typical UE conformance test scenarios for GSM location area update procedure.

Request procedure successfully with all the three possible responses from the network end as mentioned above. To verify the above conformances for the Location Updating Request procedure made by an MS, a series of tests shall be performed through a system simulator that behaves like a real-life core network system. Note that 3GPP also has technical specifications that describe the conformances requirements specification, Figure 12.4, for network elements such as the MS/UE and base station. Such technical specifications span across several thousands of pages that describe the requirements of conformance for a particular procedure/function. Conformance test technical specifications also contain the execution steps in detail for a particular procedure to be tested and verified. For more information on the MS/UE conformance requirements and their specifications, refer to 3GPP TSs [88, 97, 137].

12.4 ­Interoperability Testing (IOT) Issues Interoperability is the ability of a communications system and its network elements to provide and accept services successfully by exchanging information with another Original Equipment Manufacturer (OEM)’s network elements/system. Interoperability among the mobile communications networks of different operators provides seamless communication services to a roaming user while traveling outside the home network.

Troubleshooting of Mobile Communications Networks Issues Air Interface S-GW Air Interface Signal Analysis

eNB P-GW

.0101.

.0101.

...

.0101.

Location for Frames or IP Packets Snipping Points

Figure 12.5  Illustration: IP packet snipping tool setup for troubleshooting IOT-related issues in an LTE/EPS network.

A mobile communications network that consists of different network elements is supplied by different OEMs. Network elements are designed and developed based on the 3GPP open standard and its technical specifications. Interoperability issues can be still expected to arise at the beginning of its deployment due to integrations of the 3GPP-compliant network elements. ●●

Reasons for IOT issues

Generally, an IOT issue, between two networks, may arise whenever a network element sends protocol information incorrectly to another network element. In such cases, the receiver may either discard the protocol information or respond with an error code to the sender of the message. A network element may send erroneous protocol information to a receiver as a result of ambiguity and incorrect interpretation from the concerned specification by the developer. Protocol information may also become erroneous due to poor radio conditions or other transmissions issues at different physical interfaces. Sometimes, IOT issues may also crop up because of missing mandatory protocol information as detected by its receiver. For all such cases and to find its actual root cause, necessary log/traces are collected from the respective logical interfaces that connect the concerned network elements. One such arrangement to capture log/traces from different logical interfaces of an LTE/EPS network is illustrated in Figure 12.5. Figure 12.5 illustrates the capturing of logs/traces at UE end over the air interface and between the eNodeB and the Serving Gateway (S-GW) for user traffic throughput-related issue analysis in an LTE/EPS network. Similar approaches may be used for isolation of IOT-related issues in other communication systems, such as the 5G system.

12.5 ­Interworking Issues In Chapter 6, we had presented the interworking scenarios of mobile communications networks based on the legacy GSM, GPRS, and UTMS systems along with the LTE/EPS and interworking between the LTE/ EPS and 5G systems. Through interworking, an operator may provide voice, data, and other communication services to subscribers according to their needs. However, the types of services that can be used by a subscriber also depend on the capability of the MS as well as the core network. For example, an MS may provide its voice over IP Multimedia Subsystem (IMS), i.e. Voice over LTE (VoLTE), capability information

165

166

Mobile Communications Systems Development

to the LTE/EPC network. However, the LTE/EPC network may not have the IMS facility. In such a case, the MS may fall back to the legacy GSM/UMTS network to facilitate voice calls, as described earlier in Section 6.2.3. Now, assume the scenario where the LTE/EPC does not have the provision for the CS fallback also. In such a case, a typical voice-centric UE may attempt to detach from the LTE/EPC network and register with the 2G/3G network to facilitate voice calls to the mobile user. However, a data-centric UE may be able to register successfully with the LTE/EPC network. In an interworking scenario and depending on UE mode as described earlier in Section 6.5, different UEs may behave differently, and sometimes, it is possible that a UE is not able to register with the core network at all. To address such UE network registration-related issues and find the root cause, necessary logs/traces are required to be collected from the concerned logical interfaces by repeating the test scenario. From these initial traces, the type of network registration/attach as requested by the UE, its capabilities as well as the actual network configuration-related information can be examined. This information can be further used to isolate one by one the probable causes of the UE network registration failure issue. One such arrangement to capture log/traces is shown in Figure 12.5. This figure shows a typical setup to collect the logs using an IP packet sniffer tool for troubleshooting of an IOT issue reported from an LTE/EPS network element or other communication systems using the IP transport network.

12.6 ­Importance of Log/Traces and Its Collections Mobile communications network issues reported from the field can be a difficult and challenging one to resolve as the network is exposed to a variety of conditions and environments. Most of the issues reported from the field are not easily reproducible at laboratory conditions, for example, a process crash, as the field environment is very dynamic in nature. Troubleshooting of field issues becomes more challenging in case of an embedded systembased network element as it is simply a plug-in unit (PIU) with no disk-based storage facility for recording of important logs. An embedded system-based network element becomes refreshed upon its restart following an event, for example, upon a critical process crash with no memory core dump. Also, a mobile communications network and system becomes matured over a period of time with many issues being fixed, followed by delivery of the subsequent releases to the customers. If the field issue is a reproducible one, it will be fortunate enough to collect the required logs. Logs are very crucial for the troubleshooting by the development team to debug and solve the issue reported from the field. It was mentioned in Section 3.1 in Chapter 3 that a mobile communications network consists of various network elements and physical and logical interfaces connecting them. Sometimes, an issue may be a straightforward one and requires collecting logs from the concerned network elements and logical interface only. In other cases, make an expert judgment on the possible roles of various network elements and logical interfaces that exist all along between the actual sender and receiver. Collect the required messages, at each of the logical interfaces, exchanged between each successive network elements. From the logs, verify that the contents of the messages being exchanged over the respective logical interfaces are correct among the network elements with respect to the concerned 3GPP TS. It is possible that the sender was sending a wrong value or it did not include a mandatory element as defined in the concerned TS, leading to the current issue. In that case, the defect must be fixed at the sender side only. End-to-end, i.e. from MS/UE to core network or another external network, time-synced logs are required to be collected to correlate, troubleshoot, and fix any data throughput-related issues. From the collected logs, air interface-related issues shall be visible from the retransmission requirements of the radio link control (RLC) Layer 2 frames, blocks, or protocol data units (PDUs). Similarly, an IP packet drop or retransmission requirements shall be visible either because of air interface-related issues or network congestion. Tools that can be

Troubleshooting of Mobile Communications Networks Issues

used to collect logs and debug various interfaces or reference points-related issues can be classified into the following types: ●●

●●

●●

●●

Air Interface Investigation Tool – It can be used to collect logs for air interface-related issues at MS/UE end. Such a tool can be used to do a live analysis of the message and its contents sent and received by an MS/UE from the base station over the air interface. The air interface investigation tool can be also used to analyze the signal level and its quality for the serving as well as the neighbor cells. This information helps greatly in finding any handover or interference-related issues. IP Transport Investigation Tool – It can be used to collect logs and debug mobile communications protocols issues that work on top of the existing IP transport interface. Open Interface Investigation Tool – It can be used to collect logs and debug open protocols issues such as the SS7, ATM, and Frame Relay. Proprietary Tool – Such tools are supplied and can be used to debug an issue with an embedded system board that contains a proprietary system on chips (SOC).

12.7 ­Steps for Troubleshooting In this section, we will discuss the UE/MS, radio access, and core network services-related issues and their troubleshooting approaches for a particular live communications network, i.e. GSM, GPRS, UMTS, LTE, and 5G system. The troubleshooting approaches may vary depending on several factors, deployment scenarios with various physical and logical interfaces as well as the preliminary expert judgment being applied. Below are the typical steps that can be followed to resolve network services-related issues: Step 1. Determine the communication domain of the issue being reported, i.e. whether it is a CS domain or PS domain issue. Once the domain is identified, the concerned network elements are known toward the next step of troubleshooting. Step 2. Gather the preliminary information on the issue reported. Some of the network services-related information to be collected are as follows, i.e. whether the issue is ●● ●● ●● ●● ●●

●● ●● ●● ●● ●● ●●

a single user related; a large number of users/cell outage or network outages related; key performance identifier (KPI) performance related; intra-RAT or inter-RAT related; 3GPP interworking and feature related, e.g. circuit-switched fallback (CSFB), Single Radio Voice Call Continuity (SRVCC), Handover procedure related issues; roaming related; voice over IMS related; reproducibility of issues; time of day the issue occurs; device drivers, time synchronization-related issues, and so on; and a particular 5G use case and its network slice-related issues and so on. Step 3. If the issue is about the

a) Single User Call/Traffic-Related Issues Look at it from the RAN, e.g. BSC, point of view. There could be several reasons for a call failure. For example, call failure may result because of the unavailability of radio resources/channels, signaling failure, and congestion in the network.

167

168

Mobile Communications Systems Development ●●

Identify the target cell and look at its resource-related counters maintained by the RAN. Look at the failurerelated counters (e.g. Section 11.1) maintained for the target cell that could hint at the reason for the call failure. If the call failure is due to resource unavailability, look at the allocated and available resources in the target cell at the time of serving the call. If all the available resources in the target cell are occupied by the ongoing calls, then further call failure is justified; otherwise, there may be issues in the radio resources management (RRM) program module where resources, i.e. are in blocked or in different states, are not being managed properly. For example, the RRM module may mark a timeslot in a blocked state, whereas it is working at the BTS end.

b) Signaling-Related Issues Look at it from the RAN as well as the core network point of view. ●●

●●

For RAN-related issues, look for the possibility of signaling resource unavailability at the RAN end as mentioned above. For CN-related issues, look for the subscriber status at the CN node, i.e. MSC, or SGSN, Home Location Register (HLR), Mobility Management Entity (MME), and 5G core Access and Mobility Management Function (AMF). Ensure that the subscriber is not barred, the MS/UE is authenticated successfully, and the subscriber subscribes to the requested services from the network. To rule out such possible issues, end-to-end logs, from each interface, from MS/UE to core network may be required.

Successful completion of a signaling procedure plays a very crucial role in all the phases of establishing and maintaining an ongoing call. Because of a signaling failure, an MS/UE would not be able to register with the core network and use its services. c) Handover-Related Issues Handover failure-related issues arise whenever the ongoing call for a moving subscriber could not be handed over to the target cell. The reason for handover failure could be due to the unavailability of resources at the target cell; a signaling failure; and a time synchronization issue. Scope and steps for troubleshooting of a handover-related issue shall depend on the type of handover, i.e. intra-RAT or inter-RAT/inter-system, and also network elements involved in the reported issue. For example, in the case of the LTE system, a handover type could be an X2 interface or S1 interface based. Even if an X2 interface exists between two eNodeBs, an S1 interface-based handover may be executed in case an X2 interface handover is not successful because of rejection by the target eNodeB or interface-related issues. A handover attempt may also fail because of the physical channel failure, expiry of a timer, or handover from an LTE to UMTS terrestrial radio access network (UTRAN); LTE to 5G; or UTRAN to GSM system. d) Air Interface-Related Issues The air interface of a mobile communications system is exposed to varieties of environmental conditions and interferences from the neighbor cells or other Public Land Mobile Network (PLMN) cells. Air interface issue may significantly impact call, handover success rate as well as the throughput of data services. To study the air interface, its surrounding cells and their assigned frequencies, and any interferences among them as well as power levels, a drive test can be performed using an appropriate air interface protocol analysis tool. The analysis of air interface logs shall be different depending on the communications system, i.e. GSM, GPRS, UMTS, LTE, and 5G system, being used. e) Data Throughput Issues The quality of the RF condition/air interface plays a significant role in providing an expected data throughput to a subscriber. Based on the current state of the air interface, the RAN adjusts the resources that are allocated to a UE/ MS over the air interface accordingly. This is achieved by lowering or upgrading the modulation and coding scheme (MCS) allocated to the ongoing PS session of a UE. MCS details along with the RLC Layer 2 behavior over the air

Troubleshooting of Mobile Communications Networks Issues Session Break

100%

RLC Throughput

75%

50%

25% Session Resume 00:00:00

00:00:05

00:00:10

00:00:15

00:00:20

00:00:30

Time

Figure 12.6  Illustration: air interface RLC layer data throughput.

interface can be studied using an appropriate air interface protocol analysis tool. Figure 12.6 illustrates a sample plot of the RLC layer throughput in the downlink direction for a typical data session in an LTE/EPS or 5G network. As illustrated in Figure 12.6, the RLC layer behavior is a ramp-up in nature and throughput is not constant. Also, there is a break in the data session as shown by the absence of the RLC layer graph. If no issues are found from the drive test and air interface log analysis, the root cause of the throughput issue shall be attempted further by looking at the logs collected from other logical interfaces. It may be required to compare the air interface frames Receive (RX)/Transmit (TX) time along with the packets RX/TX time at other concerned interfaces. Any major RX/TX time differences shall provide hints toward the root cause of the data throughput issue. In summary, to rule out such data throughput issues, end-to-end interface logs from MS/UE to the core network may be collected and analyzed. f) Multiple Users, Cell, or Network Outages Issues These are severe issues affecting a large number of subscribers in the affected service area of a PLMN operator. The reason could be the hardware breakdown or interface-related issues including physical media such as the fiber optical cable cut. Services outages may also take place because critical software processes crash at the network end. For such types of outages, the issue is to be addressed in inter-domain approaches by looking at the access network and core network elements for possible causes. Available alarm data may also indicate the faulty network element. A detailed RCA is required to arrive and prevent it from a further cell or network outages. g) Low KPI Issues A KPI issue is observed at the network level that represents the performance degradations in terms of the signaling and services aspect of a mobile communications network. A poor KPI results call for in-depth investigation toward its root cause, which may sometimes require to look beyond its network, especially for air interface-related issues. A KPI for a particular procedure/scenario is derived from the fundamental counters that are maintained by the concerned network element and its protocol layer. The fundamental counters are updated by a network element as a result of the occurrence of a protocol layer event as well as during a call processing stage while serving both the signaling and user traffic. A dip in a KPI should be addressed by looking at the concerned scenario and its associated signaling messages where the corresponding fundamental counters are updated by the concerned protocol layer. Verify that they are being updated correctly in the code. h) 3GPP Interworking, Features, and Roaming-Related Issues 3GPP interworking procedures and features were described earlier in Chapter 6. An interworking procedure, such as CSFB and SRVCC, involves inter-RAT communications, and it works by exchanging information through multiple physical as well as logical interfaces. 3GPP features, such as Multi-operator Core Network (MOCN) and

169

170

Mobile Communications Systems Development

CS paging coordination, also involve multiples interfaces as well as PLMNs. Resolution of a 3GPP Interworking and features-related issue is more challenging as it involves multiple RATs or network elements. The network elements may be supplied by different OEMs. Thus, to resolve an internetwork or feature-related issue, appropriate logs shall be collected from the concerned interfaces using protocol analysis tools and shall be analyzed further by domain experts simultaneously. If the physical transport networks, e.g. Frame Relay and IP, being used by the concerned logical interfaces are different, then logs are required to be collected using different protocol analysis tools, which is another challenge. If a protocol analysis based on the collected information does not reveal a root cause of the interworking or feature issue, further investigation areas should be explored beyond the concerned logical interfaces. To rule out whether the issue reported is due to a particular interworking scenario/feature or it is a generic/ legacy network cause, the same can be verified by enabling and disabling the interworking scenario/feature. The outcome of such a test shall provide a new direction for further investigation of the issue reported. i) Device Driver, Time Synchronization-Related Issues Sometimes, the lower level platform-related issues can result in issues at the higher layer application protocols, leading to disruptions in the communication services. For example, if an embedded system-based network element is not using the IP transport network on top of Ethernet but using another interface such as Frame Relay or ATM, then the device driver for it must be a stable one so that there is no time for synchronization issues. Otherwise, upper protocol Layer 2 frames may not be transmitted and received by the device driver at the desired time, leading to out-of-synchronization frames. Such out-of-synchronized frames cannot be processed by a device driver because of cyclic redundancy check (CRC) and other errors. The out-of-sync frame shall be discarded by the device driver without forwarding it to the higher application layer. Such issues require low-level debugging skills with hardware specific tools. In all of the above scenarios that are leading to various communications services issues, the root cause identification and its elimination require a step-by-step analysis of higher and lower layer protocols details using the available information which is collected from the field. Even within a particular network element, one should be able to analyze all the layers of a particular logical interface and look at the contents of the individual messages exchanged from the higher to the lower layer and vice versa. One should be able to identify the access network and core network protocol interfaces and their layers where performance issues are suspected. In the absence of available logs/traces from the suspected interfaces and network elements, the counters (e.g. Section 11.1) maintained at the concerned network element can be useful for offline analysis of the reported issue.

­Chapter Summary In this chapter, we presented the different types of day-to-day network issues that could prevent mobile communications networks from providing communications services smoothly to their subscribers. Typical tools and methods that can be used to debug and resolve different types of network issues were presented. A running network issue may affect a single user, multiple users, or it may affect the entire network. Accordingly, each network issue has its challenges in terms of its root cause identification and resolution. The appearance of an issue may be a one time, random, or repeated one in nature. A one time or random issue reported from a live and matured network is especially more challenging to address and provide its resolution in terms of its non reproducibility at a lab, and also, no sufficient information, for the developer, about the issue is available from the operator end. We closed this chapter with some of the typical mobile communications network issues that may be reported from the field along with their approaches for troubleshooting and finding their solutions.

171

Part III Mobile Communications Systems Development In Part I and Part II of this book, we have presented the background information and various aspects of mobile communications systems and networks based on the available communication technologies, right from the GSM to the 5G system. In this part of the book, the actual development and realization of a 3GPP‐compliant mobile communications systems network element, based on the GSM to the 5G system, shall be described and illustrated in three chapters. The purposes of the chapters are as follows: Chapter  13 describes and illustrates the core software development fundamentals in terms of the software development life cycle which is followed during a typical software development process. This chapter also presents the other aspect of the design and development requirements of an application protocol layer or a network element. Chapter 14 describes and illustrates the protocol layer formats and data structures used by the Air interface and core network protocol layers which are based on the concerned 3GPP technical specifications of mobile communications systems and networks. This chapter also presents the other aspect of the design and development requirements as far the 3GPP protocol layers are concerned. Chapter 15 describes and illustrates the preparation of requirements specifications of new functions, procedures, and realization of features from the concerned 3GPP technical specifications. The materials presented in these chapters are accompanied by sample illustrations on how the information available in a 3GPP TS for a particular protocol layer and its procedure, function, algorithm, and so on could be converted into a requirement specification, high‐level design and low‐level design, i.e. coding, for the realization of a particular network element.

173

13 Core Software Development Fundamentals ­Introduction By now, the reader must have developed application software of the following types: ●● ●● ●●

Desktop GUI applications Console and background applications Database, web applications, and so on.

The software system development requirement for a typical mobile communications system is a bit different from the traditional desktop- or server-based application developments. For the traditional, general purpose desktop and database application development environment, close interaction with the underlying hardware platform is not required. Development of a typical mobile communications application software system requires sound knowledge and skills on complex data structures, low-level programming as well as the internals and advance features of the operating system. This chapter begins with the general and core software development fundamentals that are known as the software development life cycle (SDLC) in the software engineering paradigm. We then present the various hardware as well as the software development tools and platforms available based on which a mobile communications network element can be designed and developed. This chapter also covers some of the basic aspects of software engineering practices that can be used for the development of application protocol layers of mobile communications systems.

13.1  ­A Brief on Software Development Fundamentals Let us first briefly go through the software development fundamentals, in general, that applies to any kind of application software or telecommunication software system development project as well. Generally, a software system, e.g. an application, a protocol layer, or a product, development project is divided into several tasks/phases that may be repetitive in nature depending on the scope of the project. These phases are collectively known as the SDLC in the software engineering paradigm, which is illustrated in Figure 13.1. ●● ●● ●● ●● ●●

Requirements Design Implementation Integration and testing Operation and maintenance

Mobile Communications Systems Development: A Practical Introduction to System Understanding, Implementation, and Deployment, First Edition. Rajib Taid. © 2021 John Wiley & Sons Ltd. Published 2021 by John Wiley & Sons Ltd.

174

Mobile Communications Systems Development

Figure 13.1  Phases of software development process and its SDLC. Requirements

Operation & Maintenance

Design

SDLC

Integration & Testing

Implementation

It is assumed that the reader of this book is familiar with the different phases of a typical SDLC shown in Figure 13.1. Also, every project has certain deliverables that are to be produced in each phase mentioned above and is provided to the customer as part of the project plan. Typical deliverables in each SDLC phase are described below from a mobile communications system and its protocol layer development point of view.

13.1.1  Requirements Phase ●●

Requirements Specifications/Technical Specifications

As a developer, requirement specifications shall be derived from several sources such as the client’s specifications, business objectives, and requirements derived from the standard technical/protocol specifications. For example, one can derive the function and procedure requirements of a network element of a mobile communications system from the various 3rd Generation Partnership Project (3GPP) technical specifications. A 3GPP technical specification describes a particular protocol layer or general services aspects. More about the identification of protocol layer requirements, its functions, and procedures from 3GPP technical specifications shall be described in Chapter 15. ●●

Requirements Traceability Matrix (RTM)

An RTM traces the requirements of the intended functions and procedures of a protocol layer against its corresponding implementation in the code or a document. Using an RTM, a client may verify that the software system implements and meets all the intended specifications or business requirements.

13.1.2  Design ●●

High-Level Design Document (HLD)

In an HLD, a developer will describe and document the protocol layer and its software architecture, modules, organization/integration, interfaces, various algorithms, flow diagrams, and so on, as illustrated across the chapters of this book. An HLD does not specify the low-level implementations aspect of coding. ●●

Low-Level Design Document (LLD)

In an LLD, a developer will describe and document the module-specific requirements at a deep level such as the kind of data structures for storing and retrieval of information; the definition of system parameters, various

Core Software Development Fundamentals

declaration, algorithms, procedures; and so on. The developer will mention the implementation of a particular function, algorithm, and procedure in pseudo/actual code. Chapter 21 describes and illustrates the LLD aspects in terms of software coding.

13.1.3  Implementation In an implementation document, a developer will describe the kind of development environment that shall be used for the development of a network element. The development environment may be as follows: ●● ●●

●● ●●

Desktop Environment: Legacy Multiuser Environment such as UNIX System. Embedded system including a real-time operating system (RTOS), hardware processor, and board. The processor could be either multicore or special purpose digital signal processor (DSP). Development languages such as the C and C++ and proprietary development tools. Source code control system for versions control of different releases/fixes.

13.1.4  Integration and Testing In this phase, a developer will prepare the test plan and strategy to be used for testing a network element so that it meets the technical specifications as well as the customer’s business requirements or objectives. A test plan and its strategy are shared with the client. A test plan typically includes the following aspects: ●●

●● ●●

●● ●●

Type of test setup environment, i.e. laboratory or field or actual or simulated network element, and network configurations. Release or version of the network element under test. Types of testing, i.e. quality assurance testing, unit testing, system integration testing, interoperability testing, performance testing, load testing, protocol layer conformance testing, release testing, drive testing, and so on. Preparation of test cases, test scripts, and manual or automated testing. Results of test cases, any exceptions.

Note that in an SDLC, a software testing activity is repetitive and ongoing in nature. Generally, a developer performs the unit and system integration testing. The remaining types of test methods are performed by the testing and verification team.

13.1.5  Operation and Maintenance A particular network element will be shipped to the customer and deployed commercially once it has been tested and verified that it meets all the requirements, e.g. business objectives and technical requirements of the customer. During the initial phase of deployment and its operations, it is natural that hardware or software bugs/ faults appear from the supplied communications software systems. The developer will fix such reported software faults during the operation and maintenance phase. In this phase, post-deployment support strategies will be prepared, such as the following ones: ●● ●● ●● ●●

Software patches/workarounds during emergency cases such as cellular network outages Fixing of hardware or software bugs reported from the field operational system Software patches/release delivery and its management Development of new features/enhancement requirements based on the existing code baseline.

The subsequent sections describe the typical platforms available for the development of a network element as well as other design and development aspects of a mobile communications system.

175

176

Mobile Communications Systems Development

13.2  ­Hardware Platforms: Embedded System, Linux Versus PC The selection of a hardware platform, i.e. legacy versus embedded, could be a complex decision because of the complexity of the project as well as the commercially available various embedded system platforms. To select a target platform, detailed feasibility and comparative study should be performed on the available platforms that include both the technical and commercial aspects. One should consider the various advanced features, described in Section 13.3, that support development as well as debugging tools and features provided by a particular operating system being identified. Available hardware platform could be Windows on Intel, Sun Solaris Unix on Sparc processor, and so on. The hardware platform could be also a DSP or an embedded version of LINUX/RTOS on an embedded processor, including multicore (more about it in a later section), based on PowerPC, ARM, and MIPS architectures. There could be vendor-specific proprietary platforms too, both hardware and software. Choosing and selecting a target platform is the key before a particular network element could be designed and developed as its software architecture will have a close relationship with the target platform. Generally, a Unix-based or RTOS-based embedded DSP plug-in unit (PIU) platform is used to deploy the network elements (such as base station controller [BSC], mobile switching center [MSC], and so on) of a mobile communications network. This is because these platforms offer much more flexibility and security than other platforms such as Windows. Apart from this, almost all of the Unix/Linux flavors offer a variety of useful tools (e.g. perl, tcl), utilities, and commands, such as cut, awk, sed, and so on, that can be used to perform varieties of customs tasks such as reporting, scripting, and system monitoring. A developer will be required to develop hundreds of lines of code to provide the same capabilities and functionalities for performing a similar task on a Windows platform.

13.2.1  System Development Using Embedded System Board The reader must have already designed and developed application software using either the Windows or UNIX/ Linux environment. These are disk-based development environments where the executable programs are stored on the hard disk drive. As normally does, the operating systems load the concerned program into the memory before it can be executed. But a typical runtime-embedded system or environment is a diskless system where the entire program along with the RTOS and its data is loaded into the memory and resides there till the program is executing in the memory. On a traditional system like Windows or UNIX, one needs to just power on and log in to the system and start working on it using its development environment/tools/software development kit (SDK). However, software system design and development, for example, a network element of a mobile communications system, approach on an embedded board with an RTOS such as Linux OS is different from the traditional software developed on the Windows or UNIX platform. One such embedded system development model is illustrated in Figure 13.2. Generally, a developer will develop a new or an embedded version of the application protocol layer module of a network element using an evaluation or prototype hardware board along with the supplied SDK. A prototype board will accompany all the necessary tools and tackles, such as a debugger kit, that are required to accomplish the development task. However, a prototype board does not include all the system support services and may not be ready to be used by an embedded operating system. A developer requires to develop all the required support services for a prototype board. One such support services package is described next. ●●

Board Support Package (BSP)

For a general purpose operating system to boot and run, there are support functions and boot processes right from pressing the power on button till the login window is presented to a user. A boot process initializes the various system services and resources such as processor, RAM, bus, clock, interrupt, NIC, and boot loader. But, in the world of embedded systems, a developer has to develop and write code to initialize the various system resources

Core Software Development Fundamentals

Figure 13.2  Illustration: embedded system development environment.

Embedded System Board

Embedded System Development Applications/Protocol Dev. Services Platform Services Dev.

and devices. These are the support functions that make an RTOS as well as the other custom application software ready to run on top of the embedded system/board. Such coding, both low level and high level, and software developments that are done for different system resource areas are collectively known as the board support package (BSP). A typical BSP consists of the following various hardware resource initialization functionalities: –– Boot loader –– Built-in self-test (BIST) or power-on self-test (POST) –– Device drivers –– Memory allocation routines –– Flash memory routines –– Interrupt controller routine –– Various register/driver initializers –– Serial port driver If a developer chooses the Linux as the embedded operating system, it will be required to study the GNU toolchain collection to build a proper embedded system development environment. GNU toolchain supports the C/ C++/assembly programming languages. It also contains Linker, Assembler, and an Integrated Development Environment (IDE). Note that a BSP is dependent on the particular hardware model/type as well as the operating system selected. One needs to study thoroughly the selected hardware type and its reference manual to provide a stable platform for the applications or protocol layers to run and work properly. Apart from the development of the BSP on an embedded system using Linux, one may be required to customize the platform being used for project-specific requirements, development/modification of device drivers, interrupt controllers, and so on. More about the development of device drives can be found later in Section 14.21.

13.2.2  System Development Using Multicore Hardware Platform Now, all of us know about a multiprocessor, multiprogramming computing platform as we have already studied them during the undergraduate course. The current buzzword is multicore, which is the new computing paradigm. The multicore platform is everywhere, be it desktop, server, smartphone, and so on. To explore and experience a bit further on the multicore computing environment, open the desktop computer which is already running on top of general purpose commercial multicore processors. A multicore processor has multiple physical cores. Each physical core has multiple logical cores. To see the cores that are in services, open

177

178

Mobile Communications Systems Development Single Core System E-mail

……

Figure 13.3  Illustration: single core and multicore processor systems.

Multi Core System

WWW

Video

E-mail

Operating System

……

WWW

Operating System VS

CPU/Core

CPU/Core

……

CPU/Core

Windows Resource Monitor (on Windows, select Start→All Programs→Accessories→System Tools→Resource Monitor). This shows the number of cores currently running on the desktop system. 13.2.2.1  What Is a Core?

A core is nothing but a processing engine or a unit of a processor. A multicore processor contains several cores that form a computing environment. Examples of single core and multicore platforms are shown in Figure 13.3. 13.2.2.2  Network Element Development Using Multicore Platform

An application is a good candidate for multiprocessing if it requires a large number of tasks to be completed, but the completion of one does not depend or depends only slightly on the completion of the other jobs. If the application is a single large job, but each piece of it depends on another, and also there is a high degree of required serialization, then a multicore platform may not be a good choice in this case. But if we look at the protocol/stack and system architecture of the available mobile communications systems (Global System for Mobile Communication [GSM], General Packet Radio Service [GPRS], Universal Mobile Telecommunication System [UMTS], Long-Term Evolution [LTE], and 5G), one can choose to deploy a communications network element based on a multicore platform having 1. . .N cores. A developer can take advantages of multiple core platform and then design and architect the software modules in the following way: ●● ●●

●●

●●

●●

Deploy the symmetric multicore platform (SMP) system; Have dedicated cores or groups of cores responsible for controlling and managing the control plan/slow path and user plan/fast path; Have dedicated cores or groups of cores responsible for controlling and managing the various logical interfaces such as air, Gb, Iu, and S1, and so on Have dedicated cores or groups of cores responsible for controlling and managing the system administration and operations and maintenance tasks; and Have dedicated core for handling uplink and downlink data flow.

Apart from the telecom and networking space, multicore processors and systems have their widespread use in OEM/commercial products, switches, routers, and other multiple market segments. 13.2.2.3  Runtime Choices of Multicore Processor

A multicore processor may provide multiple runtime environments or choices to run the application protocols modules: ●●

Simple executive environment – where a core executes and runs a stand-alone or specialized user application without the requirements of an operating system such as Linux.

Core Software Development Fundamentals ●●

Symmetric multicore/multiprocessor environment – where an operating system could be run on multiple cores or a single operating system can control multiple cores. In this case, an application may also run in Kernel mode.

The choice of runtime environments is derived based on the application or the entire project’s requirements. For example, one can run the Linux SMP operating system on certain cores, whereas the simple executive application(s) can be run on the remaining cores. 13.2.2.4  Software Programming Model for Multicore Processor

Two software programming models can be used during the design and development phase of a software module for the processing of communication services events. Those programming models are mentioned below: ●● ●●

Run-to-completion programming model Pipelining programming model

In the run-to-completion programming model, a designated core would perform the processing of the entire sequences of tasks/packets for a particular communication services event. This leads to monolithic software design and can lead to unexpected issues during its maintenance. In the pipelining programming model, different sequences of tasks/packets processing are divided into stages and assigned among the available cores. This leads to the modular software design and ease of maintenance in the long run. Consider the typical case of the GSM call processing scenario for the establishment of a mobile-originated call (Figure 2.8). In this call processing scenario, the BSC allocates the necessary radio resources to the requesting mobile device. While doing so, the GSM L3 sublayers – Call Control/Connection Management (CM), Mobility Management (MM), and Radio Resource (RR) layers – perform the required processing for the allocation of various resources for the concerned mobile device. In this case, the CM, MM, and RR protocol sublayers could be implemented separately (pipelining) and assigned to an individual core instead of a monolithic (run-to-completion) designed for processing end-to-end call processing tasks. Any bug correction or enhancements made shall affect the concerned layer only in the case of a pipelining model. The selection of a particular programming model based on a multicore processor shall depend on the application’s requirements.

13.3  ­Selecting Software Platforms and Features The usages of a software development platform have close links to the hardware and operating system platform that a developer has selected for a network element. Each hardware and operating system platform has its development environment in terms of the SDK. Apart from this, development languages such as C and C++ are used to develop core elements of a mobile communications network. This is because these languages, in combination with inline assembly language, can be used to access and program hardware devices or boards in use, including processor and memory. Such capability may be required depending on the kind of system being developed as well as the operating system and hardware platform being used. Also, all the available operating systems allow the system services provided by it to be accessed through predefined sets of C/C++ application programming interfaces (APIs), for example, to perform an inter-process communication (IPC), process/thread creation/termination system calls, and so on. As far the C/C++ languages are concerned, they expose low-level system facilities and also allow direct calls to native system libraries, so have full access to the features and performance of the platform on which the software runs can be performed using the C/C++ languages. A developer is also required to be an expert in using and

179

180

Mobile Communications Systems Development

handling of the various data types, operators, and advanced data structures such as the following ones while implementing protocol layers: ●● ●● ●●

Structures, Arrays, Pointers, Union, and Bit-field Advanced data structures – Tree, Stack, Linked List, and Queue Right shift(>>), left shift ( rbg‐Size) will be applicable based on Table 5.1.2.2.1‐1 in TS 38.214 [109], i.e. the number of RBs per RBG is P = 2. Number of RBG/bitmap size (FDRA) = Ceil ((8+ [3 mod 2])/2) = 5 (Section 5.1.2.2.1 in TS 38.214 [109]) Number of resource block in first RBG = 2− (2 mod 2) = 1 (Section 5.1.2.2.1 in TS 38.214 [109]) Number of resource block in last RBG = (3 + 8) mod 2 = 1 [Section 5.1.2.2.1 in TS 38.214 [109]] Number of resource block in all other RBGs (1–3) = P = 2. The FDRA to a UE with the above information is illustrated in Figure 19.33. As calculated above, the first and last RBG contain only 1 RB each, and RBGs 1–3 contain equal RBs. In this illustration, RBGs 1–3, and their resources blocks, are shown to be as allocated (shaded) whose RBG bitmap value is 1. RBG 0 and RBG 4 are not allocated. 0

1

2

3

4

0

1

1

1

0

RBGs

RBG0

RBG1

RBG2

RBG3

RBG4

1

3

5

7

9

RBG Bitmap

VRB

0

2

4

6

8

Figure 19.33  Illustration: resource allocation Type 0 in the NR frequency domain.

10 11 12 13 14 ……

Example 19.2  Frequency Domain Resource Assignment for PDSCH with Resource Allocation Type 0 and Equal RB Consider another FDRA to a UE for PDSCH reception by it with a BWP of 16 RBs. Further, assume that the RB starts at VRB #10. From the BWP size  =  16, the RBG configuration #1 will be applicable based on Table 5.1.2.2.1‐1 in TS 38.214 [109], i.e. number of RBs per RBG is P = 2. Number of RBG/bitmap size (FDRA) = Ceil ((16+ [10 mod 2])/2) = 8 (Section 51.2.2.1 in TS 38.214 [109]) Number of resource block in first RBG = 2− (10 mod 2) = 2 (Section 51.2.2.1 in TS 38.214 [109]). Number of resource block in last RBG = 2 since (10 + 16) mod 2 = 0 (Section 51.2.2.1 in TS 38.214 [109]). Number of resource blocks in all other RBGs = P = 2. As calculated above, each RBG contains two RBs; thus, the total RB allocated is 8 × 2 = 16. Frequency domain resources assigned to a UE with the above information can be represented similarly as illustrated in Figure 19.33 in the previous example.

5G NR Air Interface: User Plane Protocols ●●

Resource Allocation Type 1 (Based on Start and Length of Resource Block)

On the other hand, Type 1 resource allocation is based on the allocation of an active BWP which consists of a set of contiguous PRBs of a BWP. Resource allocation type is specified using the RRC signaling IE resourceAllocation as part of PDSCH or PUSCH‐Config configuration provided by the NG‐RAN/gNB toward a UE. The following information is provided to a UE as part of a BWP allocation; TS 38.331 [116]. i)  SCS ii)  CP iii)  BWP identifier iv)  Common and dedicated parameters related to the allocated BWP v)  A common RB and several contiguous RBs as the bandwidth or size of the allocated BWP The starting RB and the number of RBs for the allocated BWP are jointly encoded into a single parameter called locationAndBandwidth, which is provided by the RRC layer as part of the generic BWP information; TS 38.331 [116]. Type 1 resource allocation to a UE in UL or DL direction contains a piece of information called Resource indication Value (RIV) which is derived from the locationAndBandwidth of the BWP information. Since the actual resources are allocated to a UE in terms of a VRB, the RIV contains the starting VRB and length in terms of the number of consecutive RBs with the BWP allocated. The starting RB is denoted by RBstart, and the number of consecutive RBs of a BWP is denoted by LRB, as mentioned in TS 38.214 [109]. The calculation of RBstart, and LRBs are illustrated below, see Examples 19.3 to 19.4, using the formula described in Section 5.1.2.2.2 in TS 38.214 [109].

Example 19.3  Frequency Domain Resource Assignment for PDSCH Reception with Resource Allocation Type 1 and SCS: 15 kHz Assume that the locationAndBandwidthprovided information provided by the RRC layer as part of the BWP allocation is 1000, i.e. RIV = 1000, for SCS:15 kHz and carrier bandwidth of 20 MHz. The maximum size of a BWP in terms of number PRB (NBWP size) is 275, as defined in TS 38.213 [108]. Maximum number of PRBs for SCS: 15 kHz and carrier bandwidth: 20 MHz is, say, Y = 106 RB (TS 38.104 [103]) Also, say, X = Floor (NBWP size/2) = 137 PRBs (Section 5.1.2.2.2 in TS 38.214 [109]). Since Y  X and as per the second equation in Section 5.1.2.2.2 in TS 38.214 [109], calculate LRBs and RBstart as follows: LRBs = (NBWP size + 1) − RIV/NBWP size and RBstart = NBWP size – 1 − RIV % NBWP size, which gives a)  LRBs = 275 + 1 – 34 924/275 = 150 b)  RBstart = 275–1 − (34 924% 275) = 0 19.6.8.2 Time‐Domain Resources Allocation for FDD Transmission

Similar to frequency domain resources allocation, resource allocation in the time domain, for FDD, can also vary depending on the network configuration such as different SCSs used for PDSCH or PUSCH and PDCCH transmissions. The network requires to provide dynamically scheduled time‐domain resources allocation information on the timing aspects for transmission/reception of data by a UE. Frequency domain and time‐domain resources for the PDSCH or PUSCH transmission are provided dynamically to a UE through a DCI over the PDCCH. A DCI contains the time‐domain resource assignment (4 bits length) information field, in UL as well as DL, that carries a row index into a predefined lookup table/array defined for resource allocation. Refer to the DL and UL resources allocation lookup tables described in Sections 5.1.2.1.1 and 6.1.2.1.1 in TS 38.214 [109]. The lookup tables have 16 rows (4 bits length) containing different possibilities of resource allocation in DL and UL directions. Using the predefined lookup tables mentioned above, time‐domain resource allocations to UE for the PDSCH and PUSCH transmissions contain combinations of three types of information as mentioned below. Note that time‐domain resources, i.e. OFDM symbols, are allocated within a slot boundary only containing 14 OFDM symbols with a normal CP: –– Slot offset, which is used between the PDCCH/DCI and the scheduled PDSCH or PUSCH. In the case of PDSCH allocation, slot offset K0 is used; slot offset K2 is used in case of PUSCH allocation; refer to TS 38.214 [109]. Using the slot offset K0, UE determines the slot where the PDSCH reception should be performed. If K0 = 0, this means PDSCH reception should be performed on the same slot, but with different OFDM symbols, where PDCCH/DCI was received. Similarly, using the K2, UE determines the slot where PUSCH transmission should be performed. Offsets K0 and K2 can have different values as described in Sections 5.1.2.1.1 and 6.1.2.1.1 in TS 38.214 [109]. –– Start of OFDM symbol “S” (0–13), i.e. first OFDM symbol for the reception of PDSCH or transmission of PUSCH. –– Consecutive OFDM symbols allocation of length “L” (1–14) in the UL or DL direction. –– PDSCH or PUSCH mapping type, which specifies the allowed starting position of the OFDM symbol and its length in a slot. Depending on the valid combinations of values of the S and L, there are two types – Type A and Type B – of resource allocations schemes for PDSCH or PUSCH in the time domain for FDD with normal as well as extended cyclic prefixes. For example, in Type A resource allocation for PDSCH, the allowed value of S is {0, 1, 2, 3} and of L is {3…14}. For normal CP, the maximum value of (S + L) is 14 symbols; for extended CP, it is 12. Refer to Tables 5.1.2.1–1/6.1.2.1‐1 in TS 38.214 [109]. Further, the information – S and L – are also combined and jointly encoded into a single parameter called the Start and Length indicator Value (SLIV). The maximum value range of SLIV is 0–127. Given the SLIV, the formula

5G NR Air Interface: User Plane Protocols

to calculate the S and L are described in Sections 5.1.2.1 and 6.1.2.1 in TS 38.214 [109]. Allocation of time‐domain resources through default as well as RRC signaling methods with the usages of the above offsets and SLIV are described in the subsequent discussions. ●●

Time‐Domain Resources Allocation (FDD): Default versus RRC Signaling

NR physical layer provides default as well as RRC layer signaling options to allocate time‐domain resources in DL and UL directions in FDD mode for the parameters (K0, K2, S, L, and mapping type) mentioned above. –– Default Resource Allocation Method Default time‐domain resources allocation is described and predefined in lookup Tables 5.1.2.1.1‐2, 5.1.2.1.1‐3, 5.1.2.1.1.‐4, 5.1.2.1.1‐5 in TS 38.214 [109] for DL direction through DCI 1_0/1_1 and Table 6.1.2.1.1‐2 in TS 38.214 [109], for UL direction through DCI 0_0/0_1. –– RRC Signaling‐Based Resource Allocation Method Time‐domain resources can be also allocated through dedicated RRC signaling message and its IE: pdsch‐ ConfigCommon/ pdsch‐Config  ‐>  pdsch‐TimeDomainAllocationList  ‐>  PDSCH‐TimeDomainResourceAllocation for DL direction and pusch‐ConfigCommon/ pusch‐Config  ‐> pusch‐TimeDomainAllocationList  ‐> PUSCH‐ TimeDomainResourceAllocation for UL direction. In this case, the NG‐RAN provides the slot offset K0, mapping type (A/B) of allocation and SLIV to UE through the IE PDSCH‐TimeDomainResourceAllocation or PUSCH‐ TimeDomainResourceAllocation. These are array‐like IEs that can have N rows/elements as shown below: Entries in PDSCH-TimeDomainResourceAllocation/list or array: refer to TS 38.331 [116] { {K0, mappingType, startSymbolAndLength },/* K0: downlink, K2:Uplink */ {K0, mappingType, startSymbolAndLength }, {K0, mappingType, startSymbolAndLength }, …………… {K0, mappingType, startSymbolAndLength } }; /*N entries */ Based on the number of rows/entries (N) in the IE: PDSCH‐TimeDomainResourceAllocation or PUSCH‐ TimeDomainResourceAllocation, the number of bits required to provide the time‐domain resources allocation through a DCI field is calculated as follows: Bit widths for Time‐domain resource assignment field in DCI 1_1 or DCI 0_1  =  Ceil (log2 (N)) bits [TS 38.212 [107]]. For example, consider that there are eight entries in the PDSCH‐TimeDomainResourceAllocation IE. This means that three bits will be required to provide the Time‐domain resource assignment field of DCI 1_1 or DCI 1_0. If a UE receives a Time‐domain resource assignment as value “000”, it indicates the first row/entry of the PDSCH‐ TimeDomainResourceAllocation IE. Based on several factors such as the RNTI type, PDCCH search space, Synchronization Signals Block (SSB) and CORESET multiplexing pattern, a UE will use the appropriate lookup table from a default or RRC signaling‐based time‐domain resource allocation method as described in Table 5.1.2.1.1‐1 (DL)/Table 6.1.2.1.1‐1 (UL) in 38.214 [109]. Further, from these tables, there are three (A/B/C) default time‐domain resource allocation types in the DL direction, whereas there is only one, i.e. Default A, type of resource allocation in the UL direction. Also, the default time‐ domain resource allocation method is used in case the allocation through RRC layer signaling based is not configured through pdsch‐Config/pdsch‐ConfigCommon/pusch‐ConfigCommon/pusch‐Config. Time‐domain resource allocation in FDD using default and RRC signaling are illustrated below, see Examples 19.5 to 19.7.

381

382

Mobile Communications Systems Development

Example 19.5  Default Resource Allocation in the Time Domain (FDD mode) for PDSCH Reception with Different Subcarrier Spacings for PDCCH and PDSCH One example is illustrated below for the calculation of a timeslot allocation for PDSCH reception by UE in FDD mode using the default method with normal CP, i.e. 14 OFDM symbols per slot and PDSCH mapping Type B. Also, assume that –– Time‐domain resource is allocated using the default allocation of Type B with row index = 6; refer to Table 5.1.2.1.1‐4 in TS 38.214 [109]. Thus, S = 2, L = 2, and K0 = 1. –– For PDCCH, numerology = 0 (15 kHz), and for PDSCH, numerology = 1 (SCS 30 kHz). –– DCI is received over the PDCCH subcarrier on slot #1, i.e. n = 1. Since the numerologies used for PDCCH and PDSCH are different, the timeslot for the PDSCH will be calculated as follows; refer to Section 5.1.2.1 in TS 38.214 [109] for the formula. PDSCH Timeslot = Floor (n * [2μPDSCH/2μPDCCH]) + K0 = Floor (1*[21/20]) + 1 = 3 (on PDSCH SCS). From this calculation, UE PDSCH reception will take place on a timeslot 3 with starting symbol (S): 2 and length (L): 2, as illustrated in Figure 19.35. That is, UE will receive PDSCH over the timeslot 3 only and symbols 2 and 3. Further, using the formula mentioned in Section 5.1.2.1 in TS 38.214 [109], the SLIV is calculated to be 16. NR FRAME Timeslot

TS0 TS1 TS2 TS3 TS4 TS5 TS6 TS7 TS8 TS9

Figure 19.35  Illustration: time‐domain resource allocation for PDSCH by RRC signaling.

SCS: 15 KHz PDCCH DCI Timeslot SCS: 30 KHz

0 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19

PDSCH Slot = 3

0 1 2 3 4 5 6 7 8 9 10 1112

PDSCH: S = 2

L=2

OFDM Symbols

Example 19.6  Default Resource Allocation in the Time Domain (FDD) for PDSCH Reception with the Same SCS for PDCCH and PDSCH Consider that PDCCH and PDSCH are allocated over the same SCS of 15 kHz with normal CP, i.e. 14 OFDM symbols per slot. Also, assume that time‐domain resource is allocated using the default allocation of Type B with row index = 6; refer to Table 5.1.2.1.1‐4 in TS 38.214 [109], giving S = 2, L = 2, and K0 =  1. Further, assume that the DCI is received over PDCCH timeslot #1(n = 1) and its OFDM symbol 0. Thus, PDSCH Timeslot = Floor (n * [2μPDSCH/2μPDCCH]) + K0 = Floor (1*[20/20]) + 1 = 2 PDCCH and PDSCH resource allocations described above can be illustrated as shown in Figure 19.36.

5G NR Air Interface: User Plane Protocols

Figure 19.36  Illustration: (FDD) time‐domain resource allocation for PDSCH: default allocation.

NR FRAME TS0 TS1 TS2 TS3 TS4 TS5 TS6 TS7 TS8 TS9 SCS: 15 KHz 0 1 2 3 4 5 6 7 8 9 10 1112 13

0 1 2 3 4 5 6 7 8 9 10 1112 13

OFDM Symbols PDCCH DCI Symbol TS1: PDCCH Slot

S=2

L=2

OFDM Symbols

TS2: PDSCH Slot

Example 19.7  RRC Signaling‐Based Time‐Domain Resource Allocation, for FDD Mode, with Different SCS for PDCCH and PDSCH As mentioned above, NG‐RAN can also provide time‐domain resources through the RRC layer signaling message for the PDSCH reception by the UE. Given the K0 = 1, SLIV = 16 over the RRC IE: PDSCH‐TimeDomainResourceAllocation and PDSCH timeslot = 3, which was also computed in the previous example as part of a default time‐domain resource allocation method, the PDSCH start symbol (S) location and its consecutive symbols length (L) can be calculated by the UE using the formula mentioned in Section 5.1.2.1 in TS 38.214 [109], as follows: L = (16/14) + 1 = 2 Symbols for PDSCH S = 26%14 = 2 (PDSCH starting symbol) Time‐domain resource allocation for PDSCH using the above examples was illustrated earlier in Figure 19.35. Radio resource allocation in frequency and time domain in the NR FDD mode has been described and illustrated above. Radio resource allocation in the time domain in the NR TDD mode will be described next. 19.6.8.3 Time‐Domain Resources Allocation for TDD

Configurable timeslot formats used in the NR system for TDD mode transmission/reception were explained earlier in Section 19.6.4.3. A UE will use the TDD resources (slots and symbols) provided over the respective DCI, i.e. DCI 0_0/0_1 and DCI 1_0/1_1, for UL transmission or DL reception under the following conditions: –– If a UE or group of UEs is not configured or UE capability does not support to monitor SFI information provided over the DCI 2_0 with sfi‐RNTI or –– TDD resources are also not provided over the RRC layer IE: TDD DL‐UL‐Config. Note that if a UE finds conflict in the TDD resources allocated by the NG‐RAN/gNB through the TDD DL‐UL configuration and also through the respective DCIs in UL or DL direction, then the UE will not transmit over the PUCSH or receive over the PDSCH using the conflicting resources/timeslot scheduled using the respective DCIs. For example, suppose a UE has been scheduled dynamically using a DCI for DL PDSCH reception over timeslots 1 and 2. Also, the UE was allocated the timeslot 1 through the TDD DL‐UL IEs which contains at least one symbol in the UL direction. In this case, the UE will not receive PDSCH over the timeslot 1 allocated through a DCI. For more details on the procedure used by UE and its expected behavior toward the processing of slot format information and transmission/reception using it, refer to Section 11 in TS 38.213 [108].

383

384

Mobile Communications Systems Development

19.6.9  Transport Channels and Their Processing Chain ●●

NR Transport Channels

Similarly, as in the LTE system, 5G NR supports the following transport channels in DL as well as UL direction over its air interface: –– DL‐SCH –– BCH in the DL direction –– PCH in the DL direction –– UL‐SCH –– RACH in the uplink direction Using the above transport channels, the NR physical layer provides services to the MAC layer. BCH carries the system information, received through the BCCH, as broadcasted by the NG‐RAN in a serving cell. PCH carries the paging message information, received through the PCCH, as broadcasted by the NG‐RAN in a serving cell. DL‐ SCH and UL‐SCH carry multiplexed data and control information between UE and NG‐RAN and vice versa. Table 19.2 in Section 19.5.10 shows the mapping and multiplexing of different logical channels onto their corresponding transport channels in the NR system. ●●

NR Transport Channels Processing Chain

Higher layer information, either control or user data, is exchanged in the form of a transport block from the MAC layer to the physical layer through the DL‐SCH or UL‐SCH transport channels. The physical layer transfers the transport blocks over the respective physical channels, e.g. PDSCH and PUSCH. The transport blocks that are transmitted over the air interface between a sender and a receiver are likely to get affected because of various environmental‐related reasons, e.g. noisy channels. Thus, the condition of a radio channel between a transmitter and a receiver is not always perfect. To avoid transmission‐related errors over an imperfect channel condition, the NR physical layer at the sending end attempts to improve the reliability of information exchanged over the air interface so that the receiver can decode and extract the transport block correctly. In this regard, the NR physical layer at the sending end performs several functions, called channel coding, in terms of the preparation of the received transport block from a higher layer as well as its actual transmissions over the NR air interface. Figure 19.37 illustrates the overall and general functions performed as part of the physical layer processing tasks for transmission of a transport block in UL and DL directions over the NR air interface between UE and NG‐RAN. As part of the preparation stage, the NR physical layer at the sending end performs several subtasks. Those subtasks collectively form the channel coding procedure, producing a code word from an original transport block. These aspects shall be described in this section. Next, as part of the actual physical channel processing and signal generation stage, the NR physical layer performs several subtasks or procedures. Those subtasks collectively form the scrambling and modulation procedure, which shall be described in the next section. The NR physical layer at Transport Block DL-SCH or UL-SCH

MAC Layer

Channel Coding TS 38.212

Signal Generation TS 38.211

Preparation

Actual Transmission

Physical Layer

Physical Layer Processing Tasks

Figure 19.37  Illustration: physical layer processing stages for a transport block.

5G NR Air Interface: User Plane Protocols Transport Block

MAC Layer 1..N

1..N CRC

-Code Block Segmentation -Add CRC

LDPC Encoding

1..N Rate Matching

Physical Layer Code Block Concatenation

Figure 19.38  Illustration: physical layer processing chain for a transport block.

the receiving end performs the opposite of the above functions, called decoding, to extract the transport block and pass it to the MAC layer. Receiving MAC layer further demultiplexes the transport block data and passes it to the RLC layer. Note that depending on the multiple antenna system configurations in use between an NG‐RAN and UE (e.g. spatial multiplexing transmissions), two transport blocks may be used for channel coding purposes. The NR transport channel processing chain performed at the physical layer on a transport block received from the MAC layer contains the following steps, in general, and in sequence in UL and DL directions at the transmitting end; see Figure 19.38 for illustration. i)  Calculation of CRC for error detection purposes (at receiver end) and append it to a transport block; ii)  Code block segmentation into the number of blocks (1…N) and add additional CRC to each segmented block; iii)  Channel encoding for error correction purposes. The LDPC method for encoding of user data and the polar coding method for encoding of control or signaling information is used in the NR; iv)  Rate matching of each encoded block; and v)  Concatenation of the rate matched code blocks (1…N). The above processing chain resembles with transport channel processing chain used in the LTE system. It may be noted that not all of the above processing steps are applied to process all types of transport channels. An overview of the above transport channel processing steps is described in the next subsections for the UL‐SCH transport channel only. Further, to illustrate, the multiplexing of the UL‐SCH transport channel carrying user data and UCI from UE to NG‐RAN is also described. 19.6.9.1  CRC Calculation and its Attachment to a Transport Block

To detect an error in a transport block carrying MAC layer PDUs, a CRC is attached to it. The length (L) of the CRC parity bits depends on the transport block payload size (A). If the size is more than 3824 bits, CRC parity size (L) of 24 bits is used; otherwise, parity bits size (L) of 16 bits is used and appended to a transport block. Further, as defined by the 3GPP standard in TS 38.212 [107], a base graph is used to generate an LDPC code. Two graphs, base graph 1 and base graph 2, are used to generate an LDPC code depending on the payload size (A) and coding rate. If the transport block payload size (A) is less than or equal to 292 bits or if payload size (A) is less than or equal to 3824 and the coding rate is less than or equal to 0.67 or if the coding rate is less than or equal to 0.25, then the LDPC base graph 2 is used; otherwise, LDPC base graph 1 is used; refer to TS 38.212 [107]. Base graph 1 is used for large payload, i.e. transport block size, whereas the base graph 2 is used for small payload size. 19.6.9.2  Code Block Segmentation

A transport block with CRC attached to it may be segmented again, resulting in several code blocks. A transport block along with its CRC shall be segmented if the combined inputs bits length (B) is greater than the maximum size of a code block. The maximum size of a code block depends on the base graph used to generate an LDPC code. If base graph 1 is used, the maximum size of a code block is 8448 bits, and in the case of base graph 2, the maximum size is 3840. An additional CRC parity bit of 24 bits length is again added into each segmented code block if the transport block, with CRC, was segmented; otherwise, no more additional CRC is added. If the combined size

385

Mobile Communications Systems Development

of the transport block and its CRC is less than the maximum size of a code block, i.e. 8448 or 3840 bits, the number of the code block is one. Otherwise, the number of code blocks and the number of bits in each segmented block are determined using the formula described in Section 5.2.2 in TS 38.212 [107]. 19.6.9.3  Channel Encoding with LDPC

Each segmented code block is then encoded using the LDPC coding method, which is a key difference from the LTE system as far as the DL and UL SCH processing chain is concerned. LDPC is also a forward error correction method applied over a noisy transmission channel. LDPC code was invented by Robert G. Gallager. The resulting LDPC encoded code block is a linear block code that contains information bits and parity bits, as illustrated in Figure 19.39. LDPC code works by using a parity check matrix, H, such that for a given LDPC code word C, the relationship HxC T = 0. Here, CT is the transposed matrix version of the code word C. Parity matrix H is a sparse matrix containing mostly 0s and a small number of 1s. ●●

Base Graphs (BGs) for LDPC Encoding

LDPC uses two BGs and matrices for channel encoding purposes of varying transport block sizes. BG matrix 1, BG1, has the dimension of 46 rows (Nr) × 68(Nc) columns. BG matrix 2, BG2, has the dimension of 42 rows (Nr) × 52(Nc) columns; refer to Tables 5.3.2‐2 and 5.3.2‐3 in TS 38.212 [107]. BG1 and BG2 are illustrated in Figure 19.40. As illustrated in Figure 19.40, the base graph 1 – BG1 – has the information bits size of Kb = 22 columns and base graph 2 – BG2 – has the information bits size of Kb = 10 columns. It may be noted that the first two columns of the BG1 and BG2 are not transmitted, but they are used for puncturing purposes. Thus, the number of columns available for LDPC encoding using BG1 is 66, and for BG2, it is 50. The dotted rectangles illustrate how varying code rates (CR), CR1, CR2, and so on, such as 1/3 (=22/66), 2/3 (=22/33) with BG1, or 1/5 (=10/50) with BG2, can be achieved with the LDPC encoding method using a BG and its matrix.

Information bits (k)

Parity bits (n-k)

LDPC Codeword: n bits

Figure 19.39  Illustration: components of an LDPC codeword.

CR1 CR2

68

1 Nr = 42

52

Information Bits Kb = Nc – Nr = 22 Parity Bits 22 1

Nr = 46

386

Information Bits Kb = Nc – Nr = 10 Parity Bits 10

CR1 CR2

42

46 Nc = 68 (a) Base Graph1: BG 1

Nc = 52 (b) Base Graph 2: BG 2

Figure 19.40  Illustration: LDPC base graphs: BG1 and BG2.

52

5G NR Air Interface: User Plane Protocols ●●

Permutation Matrix for LDPC Encoding

Further, a permutation matrix P, which is a circularly right‐shifted identity matrix of size Z × Z, with the dimension of expansion/lifting size (Z × Z) is also used. As defined in Table 5.3.2‐1 in TS 38.212 [107], there are a total of 51 different lifting or expansion sizes (Z) (right side) which can be used for different LDCP encoding purposes for different payloads or transport block sizes. They are organized into eight sets (iLS) (left side). Using a selected lifting size (Z), an element of a BG matrix: BG1 or BG2 can be further expanded by the size Z × Z. From a given set of lifting sizes provided (right side) in Table 5.3.2‐1 in TS 38.212 [107], select the minimum lifting size (Z) in such a way that it is greater than or equal to the information bits divided by the number of base graph columns (22 for BG1 and 10 for BG2) allocated for the information bits. Refer to this condition in Section 5.2.2 in TS 38.212 [107]. If an entry in the base matrix BG1 or BG2 has a value 0, it is replaced by a zero matrix of size Z × Z. If an entry in the base matrix has a non‐zero value, it is replaced by an identity matrix of size Z × Z with circular shifted to the right. The amount of circular shifting to the right to be performed on the identity matrix is determined through a modulo operation of the concerned value (Vij) and the selected lifting size Z. Value for Vij is defined for each selected column of the concerned BG1 or BG2. Using Table 5.3.2‐2 (BG1) or Table 5.3.2‐3 (BG2) in TS 38.212 [107], the values of Vij are selected for a particular row of BG1 or BG2 and a particular index set (iLS). ●●

Construction of Parity Check Matrix

A parity check matrix H for LDPC encoding purpose can be constructed from a particular BG matrix, BG1 or BG2, and permutation matrix P. It should be noted that Section 5.3.2 in TS 38.212 [107] describes the LDPC encoding procedure as well as the generation of a parity check matrix H using a base matrix BG1 or BG2 along with a permutation matrix P of expansion/lifting size Z. 19.6.9.4  Rate Matching and Concatenation

Finally, the LDPC encoded set of bits is rate matched as per the allocated radio resources and concatenated sequentially to produce a concatenated block as described in TS 38.212 [107]. The processing chain applicable to the different types of NR transport channels is summarized in Table 19.8. The entire processing steps of a UL‐SCH transport channel described in Table 19.8 are illustrated in Figure 19.41. Further, multiplexing of UCI, if required, along with higher data transmitted over the UL‐SCH is also illustrated. No such multiplexing of DL control information with higher layer data exists in case of a DL transmission from NG‐RAN to UE. Table 19.8  NR transport channels and their processing chain and coding method. Transport Channel

UL/DL

Transport Channel Processing Chain

Coding Scheme

UL‐SCH

UL

CRC generation and attachment, code block segmentation and CRC attachment, channel coding, rate matching, code block concatenation, multiplexing of control, e.g. HARQ ACK/NACK, and user data

LDPC coding

BCH

DL

CRC generation and attachment, channel coding, and rate matching

Polar coding

DL‐SCH

DL

CRC generation and attachment, code block segmentation and CRC attachment, channel coding, rate matching, and code block concatenation

LDPC coding

DCI

DL

CRC generation and attachment, channel coding, and rate matching

Polar coding

UCI

UL

Code block segmentation and CRC attachment, channel coding, rate matching, and code block concatenation

Polar coding

387

388

Mobile Communications Systems Development MAC Layer Physical Layer

Figure 19.41  Illustration: NR UL‐SCH and UCI processing chains and their multiplexing.

UL-SCH (Transport Channel)

Transport block (A)

CRC (L = 24 or 16) Uplink Control Information

B = A+L LDPC Base Graph Selection B Code Block Segmentation …… Code block-n CRC (L = 24) Code block-1 CRC (L = 24) LDPC Coding

Rate Matching

Code Block Segmentation

……

LDPC Coding

Polar Coding

……

Rate Matching

Rate Matching

Code Block Concatenation

Code Block Concatenation

Data and Control Multiplexing

Transport Block(s)

Channel Coding

Code Word(s)

Figure 19.42  Illustration: output of transport block coding process at physical layer.

The output of the entire channel coding process performed by the physical layer on a transport block received from the MAC layer is termed as the code word. This is illustrated in Figure 19.42. The code word has error detection and protection information, in terms of parity bits, in it because of which its size is more than the original MAC layer transport block. An error protected code word is used as the input to the next stage of the physical layer channel coding process, which shall be described in the next section, for its transmission through the respective physical channels, e.g. PDSCH, PUSCH, and so on, over the NR air interface. As illustrated in Figure 19.38, only one transport block is being used for transport channel coding purposes in the UL direction, producing one code word. However, two transport blocks, Figure 19.42, may be used for transport channel coding purposes in the DL direction in case a spatial multiplexing transmission scheme through multiple antenna systems is used. In this case, two code words, one for each transport block, are produced. 19.6.9.5  Multiplexing of UL‐SCH Data and Uplink Control Information

Unlike the PDSCH, a PUSCH can also transfer physical layer UCI such as the HARQ ACK and CSI from a UE to NG‐RAN in a multiplexed way with normal user data. Multiplexing of upper‐layer information as well as physical layer UL control information (right side) is illustrated in Figure 19.41. As illustrated in Figure 19.41, physical layer UL control information also goes through the typical transport channel coding chain. Refer to Section 6.2.7 in TS 38.212 [107] for details on the multiplexed transmission of data and UL control information over PUSCH. 19.6.9.6  LDPC Encoding Examples

Based on the description provided in Section 19.6.9.3, the construction of a Parity Check Matrix for LDPC encoding is illustrated through the following examples. A graph representation of the parity check matrix is also illustrated. See Examples 19.8 to 19.9.

5G NR Air Interface: User Plane Protocols

Example 19.8  Construction of Parity Check Matrix Based on the steps described in TS 38.212 [107] as well as using a BG matrix mentioned in Section 19.6.9.3, the generation of a parity check matrix is described below. Consider that the size (B) of the transport block received from the MAC layer is 10 bits. Thus, the number of the code block (C) is one (1), and also the BG BG2 selected (Step #2 above) in this case as the input bit string length (10) is less than the maximum code block size 3840. Thus, as per Section 5.2.2 in TS 38.212 [107], the value of Kb = 6 for base graph BG2. Next, find the value of BG lifting (Z) or expansion size. From the condition – Kb × Z ≥ B, the minimum value of Z = 2. Against Z = 2, the value of the set index (iLS) = 0 from Table 5.3.2‐1 in TS 38.212 [107]. Now, using the iLS = 0 and row index = 0 and column indices: 01, 2, 3, 6, 9, 10, 11 from Table 5.3.2‐3 in TS 38.212 [107], construct the base matrix as follows. This example illustrates only the first row of the BG2. Row-Col: 0-0 P(i=0,j=0) = mod(Vij, Z) [ Vij : Table 5.3.2-3, TS 38.212 [107]] =mod(9,2) =1 Row-Col: 0-1 P(i,j)= mod(Vij, Z) =mod(117,2) =1 Row-Col: 0-2 P(i,j)= mod(Vij, Z) =mod(204,2) =0 Row-Col: 0-3 P(i,j)= mod(Vij, Z) =mod(26,2) =0 Row-Col: 0-6 P(i,j)= mod(Vij, Z) =mod(189,2) =1 Row-Col: 0-9 P(i,j)= mod(Vij, Z) =mod(205,2) =1 Row-Col: 0-10 P(i,j)= mod(Vij, Z) =mod(0,2) =0 Row-Col: 0-11 P(i,j)= mod(Vij, Z) =mod(0,2) =0 Columns(Vij): BG2 0 1 2 3 4 5 6 7 8 9 10 11 Row(i)-0 1 1 0 0 1 1   0 0 ………… ………………………………………………………...................… Row: 51  .……………………………………………......................………… In the above base matrix BG2, a row/column entry with value 1 will be replaced by a 2 × 2 identity matrix with circularly shifted to the right by 1 time, i.e. [{0,1},{1,0}]. Similarly, if a row/column entry has any other non-zero value, the identity matrix will be circularly right-shifted by those times. A row/column entry with value 0 will be replaced by a zero matrix of 2 × 2 size, i.e. [{0,0},{0,0}].

Example 19.9  Graph Representation of Parity Check Matric of LDPC Code A parity check matrix H (left side) for an LDPC code and its bipartite graph (right side) representation is illustrated in Figure  19.43. The bipartite graphical representation consists of two nodes – variable nodes and checks nodes. Variable nodes (N = 8) are equal to the number of columns of the parity check matrix H or total number of bits being transmitted. Each variable node represents one of the bits (labeled as C0–C7) LDPC encoded code word. Similarly, the number of parity bits/columns (P): C5, C6, and C7 are equal to the number of rows of the parity check matrix H. A row represents the parity check constraint or equation. In this illustration, the coding rate will be R = (Number of message bits: k excluding the parity bits)/Number of bits transmitted (n), i.e. 5/8. As the number of parity or protection bits increases, the code rate decreases. Figure 19.43  Illustration: an LDPC parity check matrix and its graph representation.

Variable Nodes (n) Parity Check Matrix 1 0 1 0 0 1 0 0 H=

C0

C1

C2

C3

C4

C5

0 1 0 1 0 0 1 0 0 0 1 0 1 0 0 1

P1

P2

Check Nodes (n-k)

P3

C6

C7

389

390

Mobile Communications Systems Development

The parity check constraints can be expressed as follows: C0 C1 C2 C3 C4 C5 C6 1 ⊕ 0 ⊕ 1  ⊕ 0 ⊕ 0 ⊕ 1  ⊕ 0 ⊕ 0 ⊕ 1  ⊕ 0 ⊕ 1  ⊕ 0 ⊕ 0 ⊕ 1  ⊕ 0 ⊕ 0 ⊕ 1  ⊕ 0 ⊕ 1  ⊕ 0 ⊕ 0 ⊕

C7 0 = C0 + C2 + C5 (Exp1) 0 = C1 + C3 + C6 (Exp2) 1 = C2 + C4 + C7 (Exp3)

Consider that the information bit string to be transmitted is 11001, which is labeled from C0 to C4. The parity bits C5, C6, and C7 will be calculated as follows using the above expressions: Exp1, Exp2, and Exp3. Note that the bits are added using the modulo-2 sum (⊕)operator. From the given input string: 11001 C0 1

C1 1

C2 0

C3 0

C4 1

With these input bit strings and using the Exp1, Exp2, and Exp3 shown above, the parity bits C5, C6, and C7 can be calculated as follows: 1 ⊕ 0 ⊕ 1 = 0 (C0 + C2 + C5 -> C5 must be 1 to satisfy the condition) 1 ⊕ 0 ⊕ 1 = 0 (C1 + C3 + C6 -> C6 must be 1 to satisfy the condition) 0 ⊕ 1 ⊕ 1 = 0 (C2 + C4 + C7 -> C7 must be 1 to satisfy the condition) Thus, from the above modulo-2 sum, the parity bits C5, C6, and C7 are 1,1,1. The complete LDPC encoded bit strings to be transmitted with these parity bits will be 11001111, which is further represented graphically in Figure 19.44. At the receiving end, the LDPC decoder will find that the modulo −2 (⊕) sum of all 1’s (11001111) is equal to 0, which indicates that the message bits, as well as the parity bits, are received correctly. The original message bits (11001) are retrieved and passed to the higher layer.

19.6.10  Physical Channels and Their Processing Chain 19.6.10.1  Physical Channels

The NR physical layer uses the following physical channels, in UL and DL directions to transfer the contents, i.e. a code word, of the corresponding transport channel after processing it. Each of these physical channels is assigned a set of REs to transmit higher layer information. –– PDSCH The PDSCH transfers user data as well as signaling information such as paging information to UE in a multiplexed manner. –– PDCCH Variable Nodes = 8 1

1

0

0

0

1

0

1

1

1

0

Check Nodes = 3

Figure 19.44  Graphical representation of LDPC encoded bit string: 11001111.

5G NR Air Interface: User Plane Protocols

The PDCCH transfers scheduling assignment for DL PDSCH reception/UL PUSCH transmission and other control information from Ng‐RAN to UEs in a serving cell. PDCCH and DCI are described later in Section 19.6.10.5. –– PBCH The PBCH transfers minimum and key system information (MIB) which is read by UEs in a serving cell to access an NG‐RAN and register with the 5GC. Using the information provided in the MIB, a UE further reads the remaining minimum system information (RMSI) transmitted by the NG‐RAN/gNB in every 160 ms. –– Physical Random Access Channel (PRACH) As part of a RACH procedure, the PRACH transfers random access request preamble from a UE to NG‐ RAN due to several events such as UE initial network registration, RRC connection re‐establishment requirements, and on‐demand system information request (new in the NR) by UE. Similar to the LTE system, there are a total of 64 PRACH preambles. Zadoff–Chu sequences are used to generate a RACH preamble sequence. However, unlike LTE, and also due to the different SCSs in the NR system, there are two types of preamble formats – long and short – with different preamble sequence lengths (839 and 139); refer to Tables 6.3.3.1‐1 and 6.3.3.1‐2 in TS 38.211 [106]. Preamble sequence length 139 supports nine formats and is used with SCSs 1.25 and 5 kHz. Preamble sequence length 839 supports four formats and is used with SCSs 15, 30, 60, and 120 kHz. –– PUSCH The PUSCH transfers user data as well as piggybacked UL control information, such as HARQ ACK and CSI, from a UE to NG‐RAN. A UE performs PUSCH transmission upon detection of DCI 0_0 and DCI 0_1 over PDCCH from NG‐RAN. Further, using PUSCH, a UE can perform codebook‐based (over multiple antenna ports or layers) and non‐codebook (using single antenna port)‐based transmission in the UL direction to the NG‐RAN. –– Physical Uplink Control Channel (PUCCH) As part of reporting of control or signaling information from UE to NG‐RAN, the PUCCH transfers UL control information such as the HARQ, SR, and CSI from UE to NG‐RAN. Similar to LTE PUCCH, there are several formats of PUCCH, Format 0–4. It may be noted that in the LTE physical layer, there are additional DL control channels, namely Physical Control Format Indicator Channel (PCFICH) and Physical Hybrid ARQ Indicator Channel (PHICH), which are not available in the NR physical layer. A PCFICH provides the PDCCH OFDM symbol information to UEs from the LTE control region in the time domain. In the NR system, such a channel is not required as the OFDM symbol allocation information for the PDDCH is provided as part of a CORESET, which is described later in Section 19.6.10.5. A PHICH provides the status of the transport blocks received by the E‐UTRAN from UE. 19.6.10.2  Channel Mappings

A transport channel may carry the multiplexed data from different logical channels containing higher layer data. A transport channel is mapped to its corresponding physical channel for transmission over the NR air interface in the DL or UL direction as listed in Table  19.9. Transmission of DL and UL control information through their respective physical channel is also listed. Such control information is generated at the physical layer itself and transmitted through the respective physical channel over the NR air interface.

391

392

Mobile Communications Systems Development

Table 19.9  NR transport channel to physical channel mappings. Transport Channel

Control Information

Physical Channel

Direction

DL‐SCH, PCH

–

PDSCH

Downlink

BCH

–

PBCH

–

DCI

PDCCH

UL‐SCH

–

PUSCH

RACH

–

PRACH

–

UCI

PUCCH, PUSCH

Uplink

The spatial multiplexing through multiple antenna transmissions and receptions and its related aspects are described first in the next section as they are essential to understand the tasks associated with a physical channel processing chain. 19.6.10.3  Multiple Physical Antenna Transmissions

In a conventional communications system, a single antenna system is used at the transmitter and receiver end to transmit and receive information between them. However, to offer higher data throughput to users or to provide a robust communication link in varying radio conditions, the NR system uses the multiple physical antenna systems at the NG‐RAN/gNB and UE ends, which is one of the main features introduced over its physical layer radio air interface access path. Multiple antenna configurations used in NR NG‐RAN are classified into the following types: –– Single Input Single Output (SISO); –– Multiple Input Single Output (MISO); –– Single Input Multiple Output (SIMO); and –– Multiple Input Multiple Output (MIMO). The aforementioned multiple antenna configurations used over the NR air interface are illustrated in Figure 19.45. In a SISO configuration, only one physical antenna is used by each transmitter and a receiver. SISO is a kind of default antenna configuration used between a transmitter and receiver in any communications system. However, the reliability of signal strength and its quality received at the receiver end using a SISO antenna system may be low. ●●

Purposes of Multiple Physical Antenna Systems

Transmissions and receptions using multiple antenna (MISO, SIMO, and MIMO) systems over the physical layer air interface may be used for the following purposes: –– Diversity gain, where the same data is transmitted from multiple antennae (MISO) or received at multiple antennae (SIMO) to increase the reliability, e.g. for different services under the URLLC use case, of data reception at the receiver end. Diversity gain may be used to recover the original signal from fading losses as a result of its radio wave propagations through different surrounding environmental conditions. –– Spatial multiplexing, for achieving a high data rate over the NR air interface. ●●

Spatial multiplexing.

In a conventional communications system, different physical antenna systems transmit in different frequencies. However, like in the LTE system, in the NR system also, data transmissions/receptions between UE and NG‐RAN/gNB can be performed through the usages of the MIMO physical antenna configurations over the same frequency and time resource at the same time, i.e. a resource grid/block. Such an arrangement of transmissions/receptions over multiple

5G NR Air Interface: User Plane Protocols

Figure 19.45  Illustration: NR multiple antenna configurations and transmissions. Tx gNB

Code

Rx

(a) SISO

Rx

Tx Rx

Word: x Tx

UE

Tx

(b) MISO

gNB

UE

gNB

Rx (c) SIMO

UE

Code Word: x Code Word: y

Tx

Tx gNB

.....

.....

.....

..... (d) MIMO

Rx

Rx UE

antenna systems is called a Spatial Multiplexing and may be used as another method to achieve high data rates between a transmitter and its receiver. Such high data rates with spatial multiplexing are achievable through transmissions of multiple independent parallel data streams, resulting from either a single code word or two code words, between a transmitter and a receiver. Transmissions with spatial multiplexing targeted to a single UE are called Single user MIMO (SU‐MIMO), whereas transmissions to multiple UEs are called Multiuser MIMO (MU‐MIMO). For a MIMO configuration to work, at least two antennas are required at the transmitter and receiver ends, as illustrated in Figure 19.45d. Unlike the MISO and SIMO configurations where a single code word is transmitted, see Figure 19.45b, in the case of MIMO configuration, up to two code words of a user data can be transmitted (Tx) and received (Rx) through multiple antennas. Refer to the illustration shown in Figure  19.45d. Thus, the user data throughput gained in the case of MIMO configuration is higher than the MISO and SIMO configurations. A MIMO configuration is specified as T × R where T is the number of transmit antennas and R is the receiving antennas. In Figure 19.45d, the MIMO configuration is referred to as the 2(at gNB) × 2(at UE) matrix dimension. There can be an 8 × 8, 4 × 4, 3 × 3, and so on, MIMO configurations in the NR system, which is derived based on Demodulation Reference Signal (DMRS; as described in a later Section 19.6.12) port as specified at various tables in TS 38.212 [107]. The different paths taken by data transmissions between a transmitter and receiver using a spatial multiplexing method are mathematically represented through a matrix called precoding matrix. Refer to TS 38.211 [106] for such a precoding matrix used for spatial multiplexing transmissions purposes. ●●

Logical Antenna Ports

In the preceding paragraphs, NR physical layer transmission through a spatial multiplexing method using multiple physical antenna systems was illustrated and described briefly. NR physical layer also defines the logical antenna ports through which the individual physical channels and signals are transmitted. For example, antenna ports starting with 1000 are used for PDSCH transmission, antenna ports starting with 4000 for SS/PBCH block transmission, and so on; refer to TS 38.211 [106]. On top of the starting port number, the actual antenna port numbers to be used are derived by adding the respective port numbers used for the particular DMRS. Refer to the different antenna ports and DMRS ports used in DL and UL directions as specified in TS 38.212 [107] for a single as well as two code words transmissions.

393

394

Mobile Communications Systems Development

Figure 19.46  Illustration: mapping of logical antenna port to a physical antenna for a 2 × 2 MIMO.

Resource Grid

Logical Antenna Port 0 Antenna Port 1

Physical Antenna-1

…… Antenna Port N Physical Antenna-2

Information through a particular physical channel and signal is transmitted through its defined antenna port only. There can be a one‐to‐one mapping between a logical antenna port and a physical antenna, or multiple logical antenna ports to a single physical antenna. For example, in the case of SISO configuration, a single code word is transmitted through a single logical antenna port and physical antenna. Figure 19.46 illustrates the mapping of logical antenna ports to a physical antenna for a typical 2 × 2 by MIMO transmission. As illustrated, antenna ports of a particular physical channel or signal are associated with a resource grid having the same resources in the frequency and time domain. An analogy for an antenna port can be drawn from the network interface (NIC) card of a desktop computer using which multiple processes can send and receive information through its TCP or UDP port. Similarly, a server computer can have more than one NIC to provide higher throughput or failover protection. Air interface transmissions and receptions through multiple antenna systems and ports in NR NG‐RAN may be considered similarly. ●●

Transmissions Layers and Mapping

Similar to the LTE system, another function defined by the NR physical layer as part of the physical channel MIMO processing is the transmission layer which is an independent data stream. A MIMO transmission layer has a one‐to‐one relationship with a logical antenna port. A scrambled and modulated (described in the next section) code word is divided and mapped into multiple layers for transmission in UL or DL direction with a spatial multiplexing method. NR supports the transmission of up to eight layers in the DL direction and up to four layers in the UL direction; refer to Table 7.3.1.3‐1 in TS 38.211 [106]. This means up to eight, in the DL, or four, in the UL, parallel independent streams of data from two code words or one code word may be transmitted. The number of transmission layers is less than equal to the logical antenna ports available at the NR physical layer. Transmission layers mapping may be also used to achieve transmit diversity. Figure 19.47 illustrates a single, and same, code word to multiple layers, either two or four, along with its logical antenna ports mapping in case of a DL transmission using transmit diversity, which is used for reliability decoding purposes at the receiver end. On the other hand, the MIMO configuration shown in Figure 19.48 has two antenna ports or two layers for one code word and five antenna ports or layers for two code words: 1 and 2 mapping. As illustrated, the code word is divided accordingly between the layers for parallel transmissions through different antenna ports. Such transmissions and receptions of code words of a transport block result in a higher throughput for a UE. As illustrated, in case of two code words transmissions, the first code word is divided into two layers, whereas the second code word is divided into three layers. Refer to Table 7.3.1.3‐1: TS 38.211 [106] for the code word to different layers mapping for spatial multiplexing purposes. The preferred number of layers to be used by the gNB in the DL direction may be also reported and recommended by the UE to the gNB. Such recommendation is based on the Rank Indicator K (RI) which is the part of the CSI from UE to gNB. A UE‐reported RI may be greater or smaller than the number of layers in use in the current DL transmission by the gNB. For example, if the current number of layers in

5G NR Air Interface: User Plane Protocols Code Word 1

Code Word 1

Lev el 4

Lev el 2

Antenna Port- 0

Antenna Port- 3

Lev el 1

Antenna Port- 1

Lev el 1

Transmit Diversity

Antenna Port- 0

Figure 19.47  Illustration: transmit diversity: code word to layer mappings.

(Code Word 2) /3 (Code Word 1)/2

(Code Word 1) /2 (Code Word 1)/2

Antenna Port- 1 Antenna Port- 0

1 Codeword to 2 Layers Mapping

Antenna Port- 4 Antenna Port- 3 Antenna Port- 2 Antenna Port- 1

Antenna Port- 0 2 Codewords to 5 Layers Mapping

Figure 19.48  Illustration: spatial multiplexing: code words to layers mappings.

use in the DL direction is 2 but the UE reports the RI = 1, i.e. one layer, this would mean a poor DL channel state as perceived by the UE. For more supplementary information, the reader may further refer to R1‐1702188 [149]. 19.6.10.4  Physical Channel Processing Chain

Similarly, as in the case of the LTE system, the NR physical channel processing chain also contains the following steps in general, and in sequence, at the transmitting end. However, the exact tasks performed and the inputs used in each processing stage vary depending on the physical channel type as well as its direction, UL/DL, being used. In this section, an overview of UL PUSCH processing‐related tasks performed at the physical layer is described below: ●●

PUSCH Processing Chain

i)  Scrambling of LDPC encoded and rate matched code word, which is received from a transport channel processing chains, as shown in Figure 19.41, on a transport block. A code word from the transport channel coding steps is provided to the scrambling process whose purpose is to reject the inter‐cell interference from different sources in wireless communications systems. A block of scrambled bits is generated using a pseudo‐random sequence generator; refer to Section 5.2.1 in TS 38.211 [106]. The same pseudo‐random sequence generator is used by the different physical channels, i.e. PDSCH, PUSCH, PDCCH, and PUCCH, of the NR system but with a channel‐specific initializer. An LDPC encoded code word, scrambling identity, and the RNTI of a UE are used as inputs to a scrambling process and generate a scrambled code word. The pseudo‐random generator is initialized with a scrambling identity whose value can range from 0 to 1023 as configured by the RRC layer through IR dataScramblingIdentityPUSCH. If it is not configured, then the NR PCI with a value range from 0 to 1007 is used as the scrambling identity. Refer to TS 38.211 [106], Section 6.3.1.1 for more information on the NR physical layer scrambling process.

395

396

Mobile Communications Systems Development

ii)  Modulation of a scrambled code word Using a particular modulation scheme such as QPSK, 16/64/256 QAM, Table 6.3.1.2‐1 in TS 38.211 [106], the scrambled code word/binary sequence is mapped using the corresponding expression as defined in TS 38.211 [106] to produce complex‐valued modulation symbols. iii)  Layer mapping of the modulated code word for different transmission layers A code word may be mapped to more than one antenna ports or layers, in case of a MIMO transmission with spatial multiplexing over the PDSCH or PUSCH. In the UL direction, only one code word can be transmitted and is mapped up to a maximum of four layers (1…4), or parallel data streams, through different antenna ports as part of PUSCH transmission using the same time and frequency resources. On the other hand, using DL PDSCH, one or two code words can be transmitted. In the DL direction, one code word can be mapped up to four layers, and two code words can be mapped up to eight layers or parallel data streams, according to rules defined in Table 7.3.1.3‐1 in TS 38.211 [106] for PDSCH transmission using the same time and frequency resources. A similar code word to layer mapping, for diversity and spatial multiplexing, procedure is used in the case of the LTE system physical layer also. iv)  Generation of transform precoded symbols for modulation symbols in case of DFT‐s‐OFDM transmission in the UL direction. It is an optional stage as configured by the RRC layer through the IE transformPrecoder. If it is enabled, PUSCH transmission is performed using SC‐OFDM/DFT‐S‐OFDM; otherwise, normal OFDM transmission method is used. If transform precoding is enabled, an additional modulation scheme π/2‐BPSK of order 1 is used. v)  Precoding As part of the precoding stage, the data received from the previous stage, i.e. layer mapping, is mapped to different antenna ports. The data from different layers are multiplied by a precoding matrix. The precoding matrix to be multiplied depends on the transmission schemes being used for PUSCH, i.e. codebook based and non‐codebook based, as configured by the RRC layer under the IE PUSCH‐Config ‐> txConFig. For non‐codebook‐based transmission, the precoding matrix to be used is an identity matrix, and a UE derives precoding matric to be used from the CSI‐Reference Signal (RS) measurement. However, for codebook‐based PUSCH transmission, the precoding matrix is provided by the gNB in predefined Tables 6.3.1.5‐1–6.3.1.5‐7 in TS 38.211 [106] for different transmission layers. In these tables, the number of columns is equal to the number of layers used in the UL transmission, and Tables 6.3.1.5‐2–6.3.1.5‐7, TS 38.211 [106], are used if transform precoding is disabled by the RRC layer under the IE: transformPrecoder. The exact table to be applied depends on factors such as the number of layers and antenna ports used for UL transmission. Thus, the predefined table to be applied for precoding multiplication purpose is provided by the NG‐RAN/gNB to a UE over the DCI 1_0 using the Precoding information and number of layers field. vi)  Mapping of the precoded symbols into the virtual RB Complex valued symbols are mapped to the resource allocated in the frequency domain as well as time‐domain over the DCI‐0_0/0_1 from the NG‐RAN/gNB to a UE. vii)  Mapping of the virtual RB to the physical virtual RB. The opposite of the above steps is performed for a typical PUSCH at the receiving physical layer end and passes the information to the higher layer. However, note that not all of the above processing steps are applied to process all the types of physical channels. For example, in the case of PDSCH, transform precoding and precoding steps are not performed. Table 19.10 summarizes the different processing steps associated with the different types of physical channels, i.e. DL and UL control channels and shared channels. Refer to TS 38.211 [106] for the inputs used in each processing stage such as the initializer used to generate a block of scrambling of bits, and modulation scheme for each type of channel. In the case of PUSCH, non‐interleaved VRB to PRB mapping type is used. In the case of PDSCH, both the interleaved and non‐interleaved VRB to PRB mapping types are used. viii)  Summary of physical layer channel processing steps From the descriptions of the previous paragraphs, the entire physical layer channel processing steps and procedures can be summed up at a high level, as shown in Figure 19.49. Note that the antenna port layer mapping stage is applicable for the PDSCH and PUSCH only.

5G NR Air Interface: User Plane Protocols

Table 19.10  Transport channels and their coding steps and schemes. Physical Channels

UL/DL

Physical Channel Processing Steps

PUSCH

UL

Scrambling, modulation, layer mapping, transform‐ precoding, precoding, mapping to VRB, and mapping VRB to non‐interleaved PRB.

PDSCH

DL

Scrambling, modulation, layer mapping, mapping to VRB, and mapping VRB to interleaved/non‐interleaved PRB.

PDCCH/PBCH/ PUCCH

DL

Scrambling, modulation, and mapping to PRB.

Modulation

Scrambling

Antenna Layer Mapping

Resource Grid Mapping

OFDM Signal Generation

Figure 19.49  Illustration: physical layer channel processing steps. PDCCH: 1 CORESET x 1 Symbol

PDCCH: 1 CBW x 1 Symbol

0 1 2

……

13

1 Subframe = 2TS = 14 OFDM symbols

BWP

CORESET for PDCCH

Carrier Bandwidth (CBW)

Frequency

1 CCE = 6 PRBs/REGs 01 2 3

…… 9

13

1 Timeslot = 14 OFDM symbols Time

LTE PDCCH Resource Grid

NR PDCCH Resource Grid

Figure 19.50  Illustration: LTE vs. NR PDCCH resource allocation.

19.6.10.5  Physical Downlink Control Channel (PDCCH)

An overall description of the NR physical layer DL control channel is provided in this section. PDCCH is the only DL control channel in the NR that provides vital information to UEs. A PDCCH transfers information on the allocation of resources, and other control information, for transmission and reception of data in UL and DL directions. From a comparative study point of view, Figure 19.50 illustrates the appearance of a PDCCH on a resource grid in frequency and time domain in the LTE and NR systems. In the case of the LTE system, a PDCCH is mapped to the RBs/elements of the whole carrier bandwidth (CBW) in the frequency domain along with the allocation of up to three or four OFDM symbols in the time domain. On

397

398

Mobile Communications Systems Development

the other hand, in the NR system, a PDCCH is restricted and mapped to a certain RB only, called CORESET, of a BWP in the frequency domain. In the time domain, a PDCCH may be allocated up to three OFDM symbols. An NR BWP, as described earlier, is a small subset of entire carrier bandwidth with a contiguous set of RBs. NR CORESET was described earlier in Section 19.6.5. It may be noted that unlike the PDCCH in the LTE system, a DMRS is also transmitted along with an NR PDCCH within the same REG of a CCE. A description of various radio resources associated with a PDCCH is described below. –– Frequency domain resources for PDCCH In the NR, RBs as well as the OFDM symbols of a PDCCH CORESET are configured by the RRC layer under the IE: PDCCH‐Config (UE‐specific)/PDCCH‐ConfigCommon (cell‐specific); refer to TS 38.331 [116]. Further, RBs, from the allocated BWP, are assigned to a CORESET in terms of a bitmap, called frequencyDomainResources. Each bit of frequencyDomainResources indicates six RBs or REG, which are organized into one CCE as described earlier in Section 19.6.5. A bit value of one indicates that the CCE, or six RBs/REGs, is allocated to a CORESET. Thus, a UE or group of UEs requires to monitor candidates PDCCH over a small part only of the entire carrier bandwidth. Figure 19.50 illustrates (on the right side) the configuration of two CORESETs for a UE as its candidates PDCCHs by the NR RRC layer within an allocated BWP. –– Time‐domain resources for PDCCH A PDCCH can occupy up to three consecutive OFDM symbols of a timeslot in the time domain. –– PDCCH aggregation level A PDCCH can transfer a varying amount of DL control information from NG‐RAN to a UE. Due to this, the frequency domain resource requirements may also vary in terms of the number of CCE requirements to transfer the contents of a PDCCH. This is specified through a PDCCH Aggregation level, where each level contains the specified consecutive number of CCEs. Similar to the LTE system, the NR system also defines PDCCH aggregation level up to 1, 2 4, 8, or 16 CCEs. Such CCEs are provided through a 45‐bit long bitmap called frequencyDomainResources, from NG‐RAN to a UE, as mentioned above. More aggregation level means more CCE resources are allocated to a PDCCH. Table 19.11 lists the PDCCH Aggregation Level and Candidates PDCCH and the number of RE available after discounting the RE used by the PDDCH DMRS. A DMRS is also transmitted along with a PDCCH which occupies three REs within an REG. A DMRS for PDCCH is described later in Section 19.6.12.1. Within an REG, PDCCH DMRS occupies three REs at positions #1, 5, 9 as per the PDCCH DMRS to RE mapping definition provided in TS 38.211 [106]. Thus, within an REG, only 12–3  =  9 RE (REs) are available for PDCCH transmission. Table 19.11 also illustrates the number of bits that can be transmitted over a PDCCH in each aggregation level with QPSK modulation (2 bits per OFDM symbol). Table 19.11  PDCCH aggregation level and candidates PDCCH. PDCCH Aggregation Level/#of CCE

#of REG

Total #RE

#RE for PDCCH = Total RE ‐ #RE for PDCCH DMRS

#Bits with QPSK (2 #of Candidates Bits) Modulation PDCCH

1

6*1 = 6

72

72 − 6*3 = 54

2*54 = 108

0,1,2,3,4,5,6,8

2

6*2 = 12

144

144 − 12*3 = 108

2*108 = 216

0,1,2,3,4,5,6,8

4

6*4 = 24

288

288 − 24*3 = 216

2*216 = 432

0,1,2,3,4,5,6,8

8

6*8 = 48

576

576 − 48*3 = 432

2*432 = 864

0,1,2,3,4,5,6,8

16

6*16 = 96

1152

1152 − 96*3 = 864

2*864 = 1728

0,1,2,3,4,5,6,8

5G NR Air Interface: User Plane Protocols

–– PDCCH REG bundle size The RE groups (REG0 to REG5) of a CCE are bundled together with a particular bundle size as configured by the RRC layer. Bundle size can be 2, 3, or 6 REGs. –– CCE to REG mapping Further, CCEs of a particular aggregation level are mapped to different REG bundles in an interleaved or non‐ interleaved way. For a description of the hash function which is used for interleaved mapping of CCE to REG, refer to TS 38.211 [106]. CCE to REG mapping type, i.e. interleave or non‐interleaved, used for a PDCCH is configured by the RRC layer IE: cce‐REG‐MappingType. Interleaved mapping of CCE to REG may be used to achieve frequency diversity within a BWP. –– UE PDCCH monitoring: search space A PDCCH transmits vital DCI which is monitored by a UE or group of UEs in a DL direction. As the NR support larger carrier bandwidth and to avoid monitoring of a PDCCH over the entire carrier bandwidth, which is performed in the LTE system, PDCCH monitoring in the NR is restricted to a smaller part, which is called as a search space, of an active BWP. Usages of the NR BWP and its types were described earlier in Section 19.6.7. A PDCCH search space is a region in the DL resource grid, and up to three symbols long in the time domain, as illustrated in Figure 19.50, which is configured by the RRC layer. A search space provides all the possible locations of a PDCCH in the frequency domain. Further, each possible location of a PDCCH is called a candidate PDCCH. For example, in Figure  19.50, there are two possible locations (symbol #0 and 9) of an NR PDCCH, and in each location, there is only candidate PDCCH. Using a search space, a UE or group of UEs comes to know about the candidate PDCCH to be monitored and decodes the one being addressed to a UE or group of UEs. A search space configuration from NG‐RAN to UE provides information about the contiguous CCEs of a particular aggregation level being allocated for each candidate PDCCH. CCE aggregation level for a PDCCH can be 1, 2 4, 8, or 16 CCEs as defined in the NR. A PDCCH search space also contains the periodicity of its monitoring as configured by the RRC layer. Using the candidates PDCCH from an RRC configured search space, a UE or group of UEs uses the blind decoding method to decode a candidate PDCCH intended for the UE or group of UEs using the corresponding RNTI as listed in Table 19.12. Two types of search spaces for PDCCH monitoring purposes are defined in the NR – UE specific (USS) and common search space (CSS); refer to Table 19.12. NG‐RAN can configure up to 10 search spaces, including USS and Table 19.12  PDCCH search space, purposes, and their RNTIs. PDCCH Search Space

Type

Type 0

Purpose of Search Space

RNTI Used to Scramble CRC of DCI

CSS

SIB Type 1

SI‐RNTI

Type 0A

CSS

Other System Information

SI‐RNTI

Type 1

CSS

Random Access Response

RA‐RNTI or a TC‐RNTI

Type 2

CSS

Paging

P‐RNTI

Type 3

CSS

Common Signaling

INT‐RNTI, SFI‐RNTI, TPC‐PUSCH‐RNTI, TPC‐PUCCH‐RNTI, or TPC‐SRS‐RNTI

UE‐specific

USS

UE‐specific

C‐RNTI MCS‐C‐RNTI, SP‐CSI‐RNTI, or CS‐RNTI

399

400

Mobile Communications Systems Development

CS, to be supported by a UE per BWP. UE‐specific PDCCH search is carried out to decode UE‐specific information such as DL data reception. Common PDCCH search is carried out by a group of UEs to decode common signaling data such as system information, paging message, and random access response sent by the NG‐RAN. A candidate PDDCH search is carried out based on a CRC, of the transmitted DCI, which is scrambled with the corresponding RNTI as part of a DCI processing chain at the physical layer. Note that depending on the payload size of a DL control information transferred over by a PDCCH, the CORSET of different aggregation levels may be assigned to USS or CSS. –– Maximum number of candidates PDCCH per SCS Based on the SCS being used in a cell, NR also defines the maximum number of candidate PDCCH to be monitored by a UE. As defined in Table 10.1‐2 in TS 38.213 [108], the maximum number of candidate PDCCH to be monitored by a UE is 44, 36, 22, and 20 for the SCS of 15, 30, 60, and 120 kHz, respectively. For a detailed UE PDCCH monitoring procedure, refer to TS 38.213 [108]. Example 19.10 illustrates the decoding of PDCCH by a UE using its search space.

Example 19.10  UE Decoding of PDCCH from a UE‐Specific Search Space In 5G NR, the number of CORESETs, common as well as UE‐specific, supported per BWP is three. Thus, the maximum number of control sets to be supported by a UE and its serving cell is 3* number of maximum BWP = 3*4 = 12. Further, the number of PDCCH search spaces allowed per BWP is 10. Thus, the maximum number of search spaces to be supported by a UE in the NR system is 4 BWPs * 10  =  40 search spaces. With the above background, decoding of a PDCCH over the allocated BWP to a UE with one CORESET and one allocated search space, containing two candidates PDCCH, is illustrated in Figure 19.51. The following typical configuration is being used in this illustration. –– Frequency domain and time‐domain resource allocation for CORESET 1 is as follows: CORESET ID = 1, with non‐contiguous frequency domain resources between candidates PDCCH. Frequency Domain Resources = (CCE0 and CCE1) and (CCE7 and CCE8) Allocated CCEs bitmap (RRC IE: frequencyDomainResources) in frequency domain = 11000001100…(1: CCE Allocated, 0: CCE not allocated) Allocated duration = 1 (ODFM symbol) Allocated slot = 0 Allocated symbol = 0, i.e. 0th OFDM symbol of monitored timeslot starting with slot #0 and allocated slot periodicity (#4) for PDCCH search space monitoring Allocated periodicity = 4, i.e. search space monitoring repeats at every fifth slot (sl5) CCE to REG Mapping Type = Non‐interleaved REG bundle size = 6 resource blocks Number of REG bundles = 2 –– Frequency domain and time‐domain resource allocation for PDCCH search space, SS1, is as follows: Allocated Search Space (SS) ID = SS1 Monitoring slot periodicity = 4 (RRC IE: monitoringSlotPeriodicityAndOffset) Monitoring symbol = 0 (RRC IE: monitoringSymbolsWithinSlot), i.e. 0th OFDM symbol of monitored timeslot starting with slot #0 for search space monitoring No. of candidates PDCCH = 2 CCE aggregation level = 2, i.e. number of CCEs for each candidate PDCCH in CORESET 1

5G NR Air Interface: User Plane Protocols PDCCH Configuration Control Resource Set (CORESET 1) Frequency Domain Resources

B W P

1 1 0 0 0 0 0 1 1 0 0 ………….

Frequency

0 1 2 3 4 5 6 7 8…………

44 REG11

CCEs

…… ……

…… Candidates PDCCH

REG Bundle #1

REG06 REG05

Aggregation Level: 2 CCE1 CCE0

SS: 1 0

1

2 …………12 Symbols Slot 0

REG Bundle #0

…… REG 0 SS: 1

13 …… ……

0

1

2…………12

13

……

Symbols Slot 4 Time

Figure 19.51  Illustration: PDCCH monitoring using search space with aggregation level 2 and interleave mapping for CCE to REG.

Thus, with the above typical CORESET and search space as configured by the RRC layer within the assigned BWP, the allocation of frequency domain and time‐domain resources for a PDCCH monitoring and its decoding by a UE will be as follows: Allocated CORESET ID = 1 Allocated search space = SS1 As illustrated in Figure 19.51, CCE0 is mapped to REG bundle 1, and CCE1 is mapped to REG bundle 0 in an interleaved way. An actual interleaved mapping between a CCE to its corresponding REG bundle takes place using the formula described in TS 38.211 [106]. For more information on the other information carried by a PDCCH, CORESET, Search Space, and BWP, refer to TS 38.331 [116]. Transmission of DL control information, within a CORESET, dynamically from NG‐RAN to a UE or group of UEs over a PDCCH in a serving cell is described next. –– DCI Similarly, as in the LTE system, the 5G NR system also allocates radio resources and scheduling information and other physical layer signaling information in the form of a DL control information from the NG‐RAN to a UE over the PDDCH described above. The NG‐RAN allocates UL/DL resources, either Type 0 or Type 1, for PDSCH or PUSCH and also provides other signaling information for different purposes such as power control commands, DL, and UL HARQ‐related information, paging, slot format indication, and so on, to a UE. Using a DCI, NG‐RAN can also allocate semi‐persistently scheduled resources to a UE. Different types of information carried by a DCI, as may be configured by the RRC layer, are summarized at a high level below: i)  DCI identifier (0: UL DCI, 1: DL DCI); ii)  BWP and UL/DL physical resources allocation in frequency and time domain for PDSCH reception and PUSCH transmissions by UE. Unlike a DCI used in the LTE system, a DCI in the NR system contains the

401

402

Mobile Communications Systems Development

time‐domain resource allocation information also from NG‐RAN to a UE. Depending on the user traffic requirements, a timeslot can be switched and used for DL only or UL only transmission. Thus, an NR DCI contains the dynamic TDD information also unlike a DCI used in the LTE system; iii)  Transport block‐related information such as the MCS being used/to be used, redundancy version, new data indicator to indicate whether a transport block is a new transmission or retransmission of the previous block; iv)  PUCCH and PUSCH resource‐related information; v)  UE PDSCH reception to UL HARQ‐ACK transmission timing information; vi)  UL power control‐related information; vii)  Timeslot format‐related information; viii)  Virtual to PRB mapping type (interleaved/non‐interleaved) used for DL transmission and PRB bundling information; ix)  Multiple antenna, or MIMO, transmissions configuration information such as the antenna port and number of layers used in UL and DL transmissions between UE and NG‐RAN and vice versa. Note that in the case of the LTE system, such information is provided by the E‐UTRAN over an RRC signaling message to a UE. However, in NR, MIMO transmission information is derived by a UE based on predefined Tables 7.3.1.2.2x/7.3.1.2.2x in TS 38.212 [107]. Refer to TS 38.212 [107] for more details on the different information carried by different DCIs, and differences among them, under the above categories of information. Further, refer to TS 38.213 [108] and TS 38.214 [109] on the usages, in terms of resource allocations by NG‐RAN/gNB and its interpretation by a UE, of the different information carried by a DCI. A 24‐bit CRC is attached to the information to be transmitted over a DCI during its physical layer processing chain. Further, the parity bit of the CRC is scrambled with the corresponding RNTI. An RNTI can be UE‐specific, allocated as a result of a successful RRC connection establishment with NG‐RAN, or common RNTI, addressing a group of UEs. An RNTI indicates the intended mobile device and kind of information being transmitted to a UE or UEs. Thus, a UE or group of UEs monitors the PDCCH and decodes the contents of a DCI addressed to it using its RNTI. Table 19.13 lists the different types of DCIs used in the NR system, their purposes, and the corresponding RNTI used to scramble its CRC at the NG‐RAN end and descramble it at UE end. The SI‐RNTI and P‐RNTI have fixed or static value, i.e. Table 19.13  NR DCIs formats, purposes, and their RNTIs. DCI formats

Purpose

RNTIs for Scrambling

0_0

Uplink scheduling information for PUSCH with basic NR features

C‐RNTI or CS‐RNTI or MCS‐C‐RNTI

0_1

Uplink scheduling information for PUSCH with more NR features

C‐RNTI or CS‐RNTI or SP‐CSI‐RNTI or MCS‐C‐RNTI:

1_0

Downlink scheduling information for PUSCH with basic NR features

C‐RNTI or CS‐RNTI or MCS‐C‐RNTI, P‐RNTI, SI‐RNTI, RA‐RNTI

1_1

Downlink scheduling information for PUSCH with more NR features

C‐RNTI or CS‐RNTI or MCS‐C‐RNTI

2_0

Used for timeslot format indication to a UE in TDD mode

SFI‐RNTI

2_1

Used for preemption indication to ongoing PDSCH transmission and intimate a UE that the PRBs/OFDM symbols allocated are not carrying any useful information for it

INT‐RNTI

2_2

Used for transmission of closed‐loop power control commands to UE for PUCCH and PUSCH

TPC‐PUSCH‐RNTI or TPC‐PUCCH‐RNTI

2_3

Used for transmission of closed‐loop power control commands for SRS transmissions by one or more UEs

TPC‐SRS‐RNTI

5G NR Air Interface: User Plane Protocols DCI (RNTI) 0xFFFF and 0xFFFE, while the other RNTIs have value in the range from 0x0001 to OxFFEF, refer to TS 38.321 [113]. The amount of information provided to a UE or UEs over a PDCCH DCI, and hence its size, varies depending on the RNTI type used Search Space to scramble the CRC parity bits. Some of the fields, for example, gNB MCS, of a DCI have fixed length, while other fields, for example, CORESET FDRA, time‐domain resource assignment, and so on, have variable length, as well as maximum, allowed length. The length of CCE such fields depends on the amount of configuration information Uplink Grant UL DL provided by the RRC layer in the form of lists and number of PDSCH REG PUSCH entries (rows, columns) in it, through the corresponding IEs such as the pdsch‐TimeDomainAllocationList as illustrated earlier in or Data Rx Data Tx Section 19.6.8. The maximum number of time‐domain resource allocation for PDSCH in pdsch‐TimeDomainAllocationList is 16, i.e. it is a16 × 3 array. Thus, the sizes of the payload of different DCI formats may vary depending on the contents carried by Figure 19.52  Illustration: transmission flow of a DCI. them. Due to this, a DCI payload size alignment is performed by appending “0” or truncation of few bits of the FDRA field. The minimum size of the DCI payload is 12 bits. Figure  19.52 illustrates, in general, the transmission flow and usages of a DCI from NG‐RAN to UE. If a DCI carries a DL assignment, UE receives the DL data from the NG‐RAN over the PDSCH and its corresponding radio resources indicated in the DCI. If a DCI carries the UL assignment for PUSCH transmission, UE transmits UL data over the PUSCH using the corresponding radio resources granted over the DCI. DCI 0_0 and DCI 1_0 contain the basic information such as frequency and time domain resources allocated by the NG‐RAN to a UE, HARQ‐process number, and so on. DCI 0_1 and DCI 1_1 contain, in addition to the basic, other information of NR transmissions and receptions as may be configured by the RRC layer such as CBG transmission, the number of antenna ports and a number of layers to be used, phase tracking RS information, and so on.

–– DCI and PDCCH Processing Chain As listed in Table 19.13, a DCI for a UE or group of UEs contains different types of information and also undergoes a channel coding process similar to the coding of transport channels that carry higher layers of information. The typical DCI processing chain at the gNB end contains the CRC attachment (24 bits length), polar encoding, and a rate matching. Rate matching is essential to ensure that the DCI payload +CRC after its polar encoding matches the number of REs available after discounting the resource element consumed by PDCCH DMRS as mentioned in the previous paragraphs. All these steps produce a code word. A CRC is added to a DCI to detect an error in it by a UE. Polar encoding of a DCI also differentiates it from a DCI transmitted in the LTE system. Note that the CRC parity bits are scrambled with, through modulo‐2 operation, the corresponding RNTI of a UE or group of UEs for common data so that only the intended UE or group of UEs processes the DCI. Tasks associated with a DCI processing chain is illustrated in Figure 19.53. Figure 19.53 also illustrates the processing chain of a PDCCH, taking a DCI code word as the input bit string. The typical processing chain for the transmission of DCI code word over the PDCCH contains the task of scrambling, QPSK modulation, and its mapping to the allocated REs. A PDCCH is mapped to REs of an REG which are not used for its DMRS. DMRS for a PDCCH is described later in Section 19.6.12.1. Scrambling sequence initialization depends on the type of search space being used. If USS is used, the scrambling sequence is initialized with the RRC IE pdcch‐DMRS‐ScramblingID and UE C‐RNTI. If the IE pdcch‐DMRS‐ScramblingID is not provided by the RRC layer, the scrambling sequence for USS is initialized with the corresponding physical layer cell ID of the serving cell, as used in the case of CSS also.

403

404

Mobile Communications Systems Development DCI Payload Bits

Polar Encoding

-Add CRC, Scramble Parity with RNTI

Rate Matching

Code Word

DCI Processing Chain DCI Code Word

Scrambling

QPSK Modulation

Mapping to Resource Block

Resource Element

PDCCH Processing Chain

Figure 19.53  Illustration: DCI processing chain.

19.6.10.6  Physical Uplink Control Channel (PUCCH) and Information (UCI)

In the NR, a UE reports certain information to the NG‐RAN/gNB in the form of UCI, which is similar to the LTE system. A UCI transmitted is from a UE to the NG‐RAN over the PUCCH and may contain one or more or a combination of the following information in a multiplexed way: i)  HARQ ACK/NACK only as an acknowledgment for the previously received transport block from the NG‐ RAN. NR physical layer HARQ ACK/NACK procedure is described later in Section 19.6.11; ii)  HARQ ACK/NACK and SR to the NG‐RAN; iii)  CSI only with respect to a PDSCH reception. CSI shall be described later in Section 19.6.17; and iv)  HARQ ACK/NACK, SR, and CSI. As mentioned in the previous section, a DCI is transmitted over the PDCCH only from NG‐RAN/gNB to a UE with the variable number of information. Compared to a DCI, less number of control information is carried by a UCI over the PUCCH in the UL direction. A UCI can be transmitted over the PUCCH as well as PUSCH (in a multiplexed way with upper‐layer data over PUSCH; Section 19.6.9.5) from a UE to NG‐RAN. A UCI transmitted from a UE to the NG‐RAN over the PUSCH can contain HARQ ACK/NACK only as well as CSI. Refer to TS 38.212 [107] for bit sequences used by the various UCI. Depending on the contents/payloads and their length, several PUCCH formats are used to send UCI from a UE to NG‐RAN as described in the next paragraph. ●●

PUCCH Formats and Their Lengths

Depending on the length of the payload, i.e. UCI bits and type of control information being transmitted from a UE to NG‐RAN, different types of PUCCH Formats 0–4 are used to transfer a UCI mentioned above. PUCCH Formats 0 and 2 are called short PUCCH format and are allocated one or two OFDM symbols. PUCCH Formats 1, 3, and 4 are called long PUCCH format and are allocated 4–14 OFDM symbols. Using the PUCCH Format 0 and 1 UCI length at most 2 bits can be transmitted, whereas using the other PUCCH formats (2/3/4), UCI length of more than 2 bits can be transmitted. For example, an SR or HARQ‐ACK/ NACK from a UE to NG‐RAN can be sent/reported using PUCCH Format 0. Similarly, PUCCH Format 2 can be used to report a CSI from a UE to NG‐RAN. For more information on PUCCH formats and its time‐domain resource allocation, i.e. OFDM symbols, refer to TS 38.211 [106], and for UE reporting of single or multiple control information to NG‐RAN over the PUCCH, refer to TS 38.214 [109]. ●●

PUCCH Resource Configurations

Several parameters such as the starting PRB, number of PRBs, starting symbol, number of symbols, and so on are used by the different PUCCH formats to report a UL control information, i.e. HARQ‐ACK, SR, and CSI, from UE to NG‐RAN. Two types, dedicated, i.e. UE‐specific, and common, i.e. cell‐specific, of methods are used to allocate and configure resources to these parameters from the NG‐RAN to a UE for transmissions of UCI over the different PUCCH formats. Further, there are two ways  –  a predefined table in TS 38.213 [108] as well as

5G NR Air Interface: User Plane Protocols

dynamically over RRC signaling – to allocate frequency and time domain, i.e. OFDM symbols, resources to different PUCCH formats. A set of dedicated resources, which belongs to a particular BWP, can be provided dynamically to a UE over RRC layer signaling IE PUCCH‐Config ‐> PUCCH resource set to the PUCCH parameters. On the other hand, the allocation of common or cell‐specific PUCCH resources is indicated to UEs through an index (0–15) PUCCH‐ConfigCommon  ‐>  pucch‐ResourceCommon into a predefined Table 9.2.1‐1 in TS 38.213 [108], which is used by UEs during the initial network access made by it. These common PUCCH resources are used till dedicated PUCCH resources are not provided to a UE by the NG‐RAN. HARQ‐ACK‐related PUCCH resources are configured by the RRC layer through the IE PUCCH‐Config ‐> dl‐ DataToUL‐ACK in association with the PUCCH resource indicator and PDSCH‐to‐HARQ_feedback timing indicator field provided over DCI 1_0 and 1_1. Similarly, SR‐related PUCCH resources are configured by the RRC layer through the IE PUCCH‐Config ‐> schedulingRequestResourceToAddModList. Using these resources, a UE reports the respective UL control information, as described in TS 38.213 [108]. It may be noted that not all the PUCCH formats use the same value for a particular parameter. Each PUCCH format can have a format‐specific parameter and its resource/value as assigned by the RRC layer. For example, the number of PRB parameters is applicable for the PUCCH Formats 2 and 3 only, whereas the number of OFDM symbol allocation parameters is common, with different values, and applicable for all types of PUCCH formats. For more information on these, refer to PUCCH‐Config IE in TS 38.331 [116]. ●●

UCI and PUCCH Processing Chain –– UCI

Multiplexing transmission of UCI along with higher layer data over the PUSCH was illustrated earlier in Figure 19.41. The different tasks associated with the processing chain of a UCI depend on its payload lengths. As illustrated in Figure 19.41, the typical processing chain for a UCI contains the code block segmentation with CRC attachment if the UCI payload size is greater than 11 bits, polar encoding, rate matching, and code block concatenation to produce a code word. If the payload size is less than 11 bits, no CRC is attached. If the UCI payload size is less than 11 bits, it is encoded with repetition coding, Simplex coding, or Reed Muller coding method. –– PUCCH The processing steps used for PUCCH vary depending on its format, as mentioned above. PUCCH Format 0 contains the scrambling sequence generation and its mapping to RBs tasks. PUCCH Format 1 contains the modulation, sequence generation, and its mapping to RBs tasks. PUCCH Format 2 contains the coding, scrambling, modulation, and its mapping to RBs tasks. PUCCH Formats 3 and 4 contain the coding, scrambling, modulation, spreading, transform precoding, and its mapping to RB tasks. The modulation technique used may be either QPSK or BPSK depending on the PUCCH format, e.g. short or long, being used. Also, different scrambling sequences are used in different PUCCH formats. Refer to TS 38.211 [106] for more information on the scrambling sequences and initializers used by different PUCCH formats.

19.6.11  Code Block Group‐Based Transmissions and Receptions ●●

Downlink HARQ‐ACK/NACK for Code Block Transmissions/Receptions

CBG‐based transmission in the UL (PUSCH) and DL (PDSCH) directions is a new feature in the NR physical layer which does not exist in the LTE system physical layer. As part of a transport channel processing chain at the NR or LTE physical layer, a large transport block (beyond up to 8448 bits in case of NR) is segmented into several code blocks. Each code block goes through the entire channel coding processing chain which consists of encoding, rate matching, and so on. At the end of the channel coding processing chain, the transport block is transmitted, after scrambling and modulating it, to the receiving physical layer. If a segmented code block is detected as an erroneous one by the receiver, the entire transport block is retransmitted by the sender, in general. A transport

405

406

Mobile Communications Systems Development

block is retransmitted (NG‐RAN to UE) based on the HARQ‐NACK feedback from the receiver (UE) to the sender (NG‐RAN), which is similar as in the case of the LTE system also. Only one HARQ‐ACK/NACK bit is provided at a transport block level in such a retransmission scenario. The sender retransmits the entire transport block even though some of the segmented code blocks may have been received correctly. This is fine for a small‐size transport block, but for a large transport block, such retransmission may result in wastages in the air interface resources/ less spectral or bandwidth efficiency, as is the case with the LTE system. To optimize air interface resources usages resulting in high spectral efficiency, the NR physical layer may perform CBG‐based transmissions and retransmissions for larger transport blocks, which may be used to provide enhanced mobile broadband services to users. In CBG‐based transmission and reception procedure, segmented code blocks may be organized into several CBGs. Further, the receiver provides HARQ‐ACK/NACK status bit to the sender at CBG instead of the transport block‐level as mentioned in the previous paragraph. If some of the CBGs are received erroneously by the receiver, HARQ‐NACK will be provided to the sender for those erroneous CBGs. The sender will retransmit the erroneous CBGs only, thus avoiding the retransmission requirements of the entire transport block of large size. It may be noted that as compared to the providing of a single HARQ‐ACK/NACK bit for an entire transport block, multiple HARQ‐ACK/NAK status bits are provided in case of CBG‐based transmission in the NR system. This results in a HARQ‐ACK/NACK signaling overhead over the NR air interface. To reduce such overhead, the CBGs‐based transmission, reception, and retransmission requirements may be scheduled dynamically by the NR‐RAN/gNB over the RRC layer signaling. To indicate/enable such transmissions/ receptions/retransmissions, the RRC layer configures a parameter called codeBlockGroupTransmission which is provided to a UE as part of its PDSCH and PUSCH configurations using the IEs PDSCH or PUSCH‐ ServingCellConfig. The absence of the codeBlockGroupTransmission parameter as part of a PDSCH or PUSCH allocation from NG‐RAN to UE disables the CBG‐based transmission/reception. Following this, only one HARQ‐ACK/NACK bit is provided, as usual in the LTE system, per transport block. A transport bock is segmented into several code blocks; each is of the maximum allowed size; Section 5.2.2 in TS 38.212 [107]. Code blocks are further organized into several CBGs. The maximum number of granularity (i.e. 2, 4, 6, and 8) of CBGs per transport block is provided to a UE through the RRC layer IE  ‐> PDSCH or PUSCH‐CodeBlockGroupTransmission ‐> maxCodeBlockGroupsPerTransportBlock. Initially, all the code blocks of a transport block are transmitted by the sender to the receiver. A receiver provides a HARQ ACK/NACK status for each of the CBG of a transport block received by it from the sender. If a code block of a CBG has been received as erroneous, the receiver reports a HARQ‐NACK to the sender. The affected CBG is retransmitted by the sender instead of the whole transport block, which leads to efficient usage of the air interface resource in case of larger size transport block transmission. Retransmitted CBGs are indicated by the sender through the presence of bit “1” in the CBGTI (Code block group transmission information) bitmap field of DCI_1_1 (for PUSCH) or DCI 0_1 (PUSCH) for each CBG (TS 38.212 [107]). Each bit (0 or 1) of the CBGTI bitmap field corresponds to a CBG of the associated transport block is transmitted. Another associated parameter that is provided as part of the DCI 1_1 for PDSCH transmission only is the CBG flush indicator (CBGFI). This is a 1‐bit length parameter which is used to indicate whether the CBG indicated by CBGTI that is already available in the soft combining buffer should be flushed out (value 0), say corrupted or pre‐empted (INT‐RNTI), or the CBG should be used (value: 1) for soft combining with the existing CBGs. The grouping of transport code blocks (CBs) into CBGs for PDSCH transmission/retransmission and multiple HARQ‐ACK/NACK bits is illustrated in Figure 19.54. As illustrated, consider that a transport block is segmented into eight (=C) code blocks. Also, the maxCodeBlockGroupsPerTransportBlock as provided by RRC Layer is 3 (=N). The actual process used for the calculation of the number of CBGs (CBG 0…CBG‐n) and the number of code blocks (CB0…CBn) per CBG for transmission of a transport block is described in Section 5.1.7.1 in TS 38.214 [109]. Using this procedure, the number of CBGs and CBs in each CBG is calculated below with C = 8, N = 3.

5G NR Air Interface: User Plane Protocols

Figure 19.54  Illustration: code block group‐based downlink transmission and its HARQ ACK/NACK.

Transport Block Segmentation CB0 CB1 CB2 CB3 CB4 CB5 CB6 CB7 Grouping

Grouping

CBG0

CBG1

CBGTI

Grouping CBG2

1

0

1

0

1

0

CBGFI

1

HARQ-ACK/NACK codebook bits. ACK: 1, NACK: 0 DCI 1_1 Indicates Re-Transmission of CBG 1

Indicates Soft Combining of CBG 1

M = min (N, C) = 3; M1 = mod (C, M) = 2; K1 = floor(C/M) = 3; K2 = Ceil (C/M) = 2 Since M1 > 0, CBG 0 has 3 code blocks with index = 0,1,2 (as per Section 5.1.7.1 in TS 38.214 [109]) CBG 1 has 3 code blocks with index = 3,4,5 (as per Section 5.1.7.1 in TS 38.214 [109]) Further, CBG 2 has two code blocks with index = 6,7 (as per Section 5.1.7.1 in TS 38.214 [109]). Segmentation of the above transport block into CBs 0–7 and their grouping into three CBGs 0–2 is illustrated in Figure 19.54. Figure 19.54 also illustrates the HARQ‐ACK (1)/NACK (0) codebook method of providing the status, from UE to NG‐RAN, of the decoded CBGs. A HARQ‐ACK/NACK codebook contains multiple bits that carry the CBGs decoding status from UE to NG‐RAN. Further, a HARQ‐NACK is reported to NG‐RAN for the CBG 1 due to the reception of at least one code block as erroneous and its corresponding retransmission by NG‐RAN as indicated through the CBGTI field of DCI 1_1. ●●

Semi‐Static and Dynamic HARQ‐ARQ Codebook

The number of bits used for HARQ‐ACK (1)/NACK (0) status information, from UE to NG‐RAN, in case of normal PDSCH transmission or CBG‐based PDSCH transmission/reception, was described above. There are also other types of codebook determination procedures – Type 1 and Type 2 – which determine the number of bits to be used for the HARQ‐ACK/NACK codebook reporting purposes that also vary depending on a UE configuration by the RRC layer. Type 1 is called the semi‐static, and Type 2, which is used for reporting DL HARQ‐ACK/NACK information from UE to NG‐RAN, is called the dynamic codebook. The type of HARQ‐ACK codebook to be used is indicated by the RRC layer through the IE: pdsch‐HARQ‐ACK‐Codebook with value either semi‐static or dynamic. Type 1 HARQ‐ARQ codebook is reported over the PUCCH or PUSCH, whereas Type 2 HARQ‐ARQ codebook is reported over the PUCCH only to the NG‐RAN. For more information on these procedures to determine the DL HARQ‐ACK codebook to be used by a UE, refer to Section 9 in TS 38.213 [108]. ●●

Timing for Downlink HARQ‐ACK (UE to NG‐RAN)

–– FDD mode As far as the timing for HARQ ACK/NACK, from UE to NG‐RAN, for DL data reception at UE end is concerned, there is a difference between LTE HARQ and NR HARQ processes. In the case of the LTE HARQ process, the timing

407

408

Mobile Communications Systems Development NR FRAME TS0 TS1 TS2 TS3 TS4 TS5 TS6 TS7 TS8 TS9 ……. n K1 PUCCH slot = n+K1 HARQ ACK/NACK DCI Slot = TS1 PDSCH Slot = TS4

Figure 19.55  Illustration: FDD: PDSCH to its HARQ‐ACK timing.

One Time slot OFDM Symbols 0

TDD Slot Format 4 D

1

2

3

4

5

6

7

8

9

10 11 12

13

D

D

D

D

D

D

D

D

D

D

U

PDCCH

PDSCH

K1= 0

D

F

HARQ–ACK over PUCCH

Figure 19.56  Illustration: TDD: PDSCH to its HARQ‐ACK timing with K1 = 0.

for HARQ ACK/NACK is fixed, i.e. 4 ms in case of FDD mode; and for TDD mode, timing is provided in a predefined table; refer to Table 9.1.2‐1 in TS 36.213 [91]. That is, in the case of LTE FDD mode, a transport block will be retransmitted, if required, after 8 ms of round trip time only. However, in the case of the NR DL HARQ process, the timing to report its ACK/NACK from UE to NG‐RAN is configurable and controlled by the RRC layer, thus providing a flexible timing between a DL data/PDSCH reception at UE end and its corresponding ACK transmission over the PUCCH in the UL direction. The RRC layer provides a 3‐bit length IE: dl‐DataToUL‐ACK as part of a PUCCH resource allocation to a UE. The IE: dl‐DataToUL‐ACK is used as an index into an RRC‐configured Table 9.2.3‐1 in TS 38.213 [108], which provides timing (K1) of transmitting a HARQ‐ACK/NACK from UE to NG‐RAN against the DL data/PDSCH reception by UE from the NG‐RAN. Note that UE transmits the HARQ‐ACK/NACK to NG‐RAN with relative ACK timing: K1 slot offset to the DL data reception over PDSCH slot (n), as illustrated in Figure 19.55. Slot offset or timing for transmission of DL HARQ‐ACK/NACK from UE to NG‐RAN may be also provided over the DCI_1_0/1_1 and its PDSCH‐to‐HARQ_feedback timing indicator field. If the DCIs do not contain this field, UE will provide a HARQ ACK/NACK to NG‐RAN according to the information: K1 provided over RRC layer IE: dl‐DataToUL‐ACK. Thus, the round‐trip time for PDSCH to HARQ‐ACK/NACK from UE to NG‐RAN in 5G NR is not fixed, unlike it is in the case of the LTE system. –– TDD mode Figure 19.56 shows the transmission of DL data and its ACK in the same timeslot or subframe in TDD mode with the necessary guard period between them. Using the TDD slot format 4, this figure illustrates the flexible timing between a DL data/PDSCH reception by a UE and its corresponding ACK transmission over the PUCCH in the UL direction. As illustrated, the following information is being multiplexed over the different symbols of a TDD slot with the format 4. (i)  DCI (PDCCH) over symbol 0, (ii)  DL data reception over PDSCH, symbols 1–11, and (iii)  Corresponding HARQ‐ACK, with slot offset K1 = 0, over a short PUCCH format #0 using only one OFDM symbol 13.

5G NR Air Interface: User Plane Protocols

Further, as illustrated above, the timing between a DL data/PDSCH and its corresponding ACK transmission over a PUCCH is not fixed; rather, it is configurable, which is based on the slot/symbol offset: K1. Due to this, the DL/UL switching in TDD is fast because the PDSCH reception and its ACK transmission take place within the same slot boundary only, Figure 19.55, which results in a lower latency in the NR than the LTE system. For more information on the UE procedure for reporting HARQ‐ACK to NG‐RAN using the timing offset K1, refer to TS 38.213 [108]. ●●

NR Uplink Retransmission Requirement Indication Through NDI

Unlike in the LTE system, where a separate DL channel called PHICH is used to send a UL HARQ‐ACK status of transport block received over the PUSCH, no such specific DL control channel exists in the NR system to report UL HARQ‐ARQ requirements from NG‐RAN to UE. To indicate a UL retransmission requirement of an erroneously decoded transport block or CBG from UE to NG‐RAN, the NG‐RAN schedules the UE again with a new data bit indicator flag which is provided as part of a UL resource grant over a DL control information: DCI 0_0/0_1 to the UE. Further, UL retransmission from UE to NG‐RAN can be CBG based, provided that the RRC layer configures a CBG‐based transmission/reception for the UE. That is, a CBGTI field (DCI 0_1) is used to indicate a UL CBG‐based retransmission, which is the same as the retransmission in case of the DL HARQ procedure described above. However, unlike the DL HARQ‐ACK procedure, no CBGFI field is required as part of a UL HARQ‐ACK procedure. Similar to the DL HARQ‐ACK procedure, the UL HARQ‐procedure is also asynchronous.

19.6.12  Physical Signals Similar to the LTE system, the NR physical layer defines several types of physical signals in terms of RSs and synchronization signals in UL and DL directions which are used for different purposes by the UE as well as the NG‐RAN. –– A DMRS for every physical channel, i.e. PUSCH, PUCCH, PDSCH, PDCCH, and PBCH; –– CSI reference signal (CSI‐RS) in the DL direction; –– SRS in the UL direction; –– Phase‐tracking reference signals (PT‐RS) for PUSCH and PDSCH; and –– Secondary synchronization signal (SSS) and primary synchronization signal (PSS) in the DL direction. A physical signal mentioned above is transmitted along with its corresponding physical channel. Physical signals are assigned a set of predefined REs to transmit information generated by the physical layer. But each physical signal has different densities, i.e. occurrences, within the frequency and time‐domain resources allocated for the respective physical channel. It may be noted that the physical channels and signals used over the 5G NR and LTE air interfaces have the same names. However, unlike in the LTE system, there is no “always on” cell‐specific reference signal (CRS) in the NR system. Thus, the absence of a CRS makes the NR and NG‐RAN an energy‐efficient air interface. A UE uses the CSI‐RS and DM‐RS for channel estimation and measurement purposes only. A DMRS is used, instead, as an RS by the NR physical channels for its decoding by a UE. A DMRS is transmitted only when user data or signaling information is required to be transmitted. Similarly, the “always on” primary and secondary DL synchronization signals are used by a UE for synchronization and physical layer cell search procedures with the NG‐RAN, obtaining the cell identity, and frame timing. In the NR, the PSS, SSS, and PBCH are collectively called SS block, which is allocated on specific REs of a DL resource grid. Similar to the LTE system, predefined resources are assigned to each NR physical channel, except PUSCH AND PDSCH, and signals in time and frequency domains for transmission of transport channel carrying control information over the NR air interface. The individual transport channel is mapped to a particular physical channel, as listed earlier in Table 19.9.

409

410

Mobile Communications Systems Development

19.6.12.1  Reference Signals Transmitted as Part of Physical Channels

Reference signals used by different physical channels in the NR system are described in this subsection. ●●

Demodulation Reference Signals (DMRS)

Unlike the LTE system, there is no DL cell‐specific RS in the NR system. To help a UE in channel condition estimation and demodulating the associated UL and DL transmissions over different physical channels correctly, a UE‐specific DMRS is used instead. A DMRS is used for the acquisition and processing of PDSCH, PUSCH, PUSCH, PUCCH Format 2, PDCCH, and PBCH. This means a DMRS is available only when user data or signaling information transmission is available. Depending on the physical channel being used, its corresponding DMRS may occupy either one or two OFDM symbols in the time domain. The DMRSs are generated from the same binary sequences, as defined in TS 38.211 [106]. However, the PUCCH Format 1 and PUCCH Formats 3 and 4 use different binary sequences. DMRSs are initialized with different parameters as configured by the RRC layer. DMRSs for PDSCH and PBCH are described below. –– PDSCH‐DMRS A PDSCH DMRS is a UE‐specific RS which is transmitted in the same RB allocated for the PDSCH transmissions. For faster demodulation, DMRS for PDSCH is front‐loaded, i.e. time‐domain resource for a DMRS is allocated at the beginning of the RB allocated to its associated PDSCH. RRC layer configures the frequency domain and time‐domain resources for the DMRS, like its type, symbol positions, length, and so on, through the IE: DMRS‐DownlinkConfig. DMRS resources configuration by the RRC layer consists of the following information for a PDSCH scheduled UE: (a) DMRS mapping type This indicates the starting OFDM symbol of a slot allocated in the time domain for a PDSCH DMRS. Two mapping types are used – Type A and Type B – for a DMRS time‐domain resource allocation. In DMRS mapping Type A, the position of the DMRS OFDM symbol is either 2 or 3 (indicated by the dmrs‐TypeA‐Position in MIB) depending on the length of the DL PDCCH. For PDCCH OFDM symbol length = 2, which uses the OFDM symbols 0 and 1, the OFDM symbol 2 will be used for DMRS. For PDCCH OFDM symbol length = 3, which uses the OFDM symbols 0, 1 and 2, the OFDM symbol 3 will be used for DMRS. Refer to Table 5.1.2.1.1‐2–5 in TS 38.214 [109]. For mapping Type B, DMRS always occupies the first (i.e. Symbol 0th) OFDM symbol of a slot. Refer to TS 38.211 [106]. (b) PDSCH DMRS configuration type (DMRS‐DownlinkConfig ‐> dmrs‐Type) This indicates the number or density of REs allocated in the frequency domain for a DMRS in the associated PDSCH RB. Two configuration types – Type 1 and Type 2 – are used to allocate REs to a PDSCH DMRS in the frequency domain; refer to Tables 7.4.1.1.2‐1/2 in TS 38.211 [106]. (c) PDSCH DMRS length (DMRS‐DownlinkConfig ‐> maxLength) in the time domain of one OFDM symbol or two consecutive OFDM symbols. (d) Additional OFDM symbol positions (0, 1, and 3) for additional DMRS for channel condition estimation in case of high‐speed mobility scenario. Refer to Tables 7.4.1.1.2–3/4 in TS 38.211 [106]. Figure 19.57 illustrates the mapping of a DMRS (represented by a filled rectangle) to the frequency and time domain RE (k, l) of its associated PDSCH RB. In this illustration, DMRS resource configurations used are as follows: i)  PDSCH DMRS mapping type A and OFDM position l = 2 in the time domain; ii)  PDSCH DMRS configuration Type 1 (left side with OFDM maxLength = 1) and Type 2 (right side with OFDM maxLength = 2) in the frequency domain; and iii)  PDSCH DMRS maxLength = 1 and 2 OFDM symbols in the time domain.

5G NR Air Interface: User Plane Protocols Resource Element

DMRS

0123

……

13

1 Timeslot = 14 OFDM symbols Time PDSCH DMRS Configuration Type 1

1110 9 8 7 6 5 4 3 2 1 0

1110 9 8 7 6 5 4 3 2 1 0

PDSCH Resource Block

Frequency

0123

……

13

1 Timeslot = 14 OFDM symbols Time PDSCH DMRS Configuration Type 2

Figure 19.57  Illustration: mapping of DMRS to resource element and OFDM symbols.

In the frequency domain, the position (k) of the RE (represented by a filled rectangle) for the occurrences of DMRS is calculated using the expression described in Section 7.4.1.1.2 in TS 38.211 [106] in association with Table 7.4.1.1.2‐1/2 in TS 38.211 [106]. Based on these expressions and as illustrated in Figure 19.57, a DMRS symbol occupies every alternate RE, starting from RE:0, in configuration Type 1. In configuration Type 2, a DMRS symbol occupies two consecutive REs, starting from RE:0, and is placed six REs apart. Further, it is observed that the density of DMRS in configuration Type 1 is more than the configuration Type 2. Based on the DMRS configuration type and length (DMRS‐DownlinkConfig ‐> dmrs‐Type and maxLength) mentioned above, a UE finds the MIMO configuration being used in the DL or UL direction. For this purpose, NG‐ RAN provides the antenna port and layer information through the DCI 0–1, for PUSCH transmission or 1_1, for  PDSCH reception, to a UE. Using this information and in combination with the predefined Tables 7.3.1.1.2x/7.3.1.2.2x in TS 38.212 [107], a UE finds the MIMO antenna and layer configuration being used in UL and DL direction transmissions. –– PDCCH DMRS Transmission of a DCI over a PDCCH was described earlier in Section 19.6.10.5. A DMRS is also transmitted along with a PDCCH transmission. PDCCH DMRS is transmitted within the same REGs where PDCCH is transmitted. A PDCCH DMRS occupies three REs within an REG. Thus, the overhead due to a DMRS while transmitting a PDCCH within an REG is 25%. Due to this, not all the REs of REGs are available for transmission of a PDCCH. The positions of a DMRS or its mapping to REs within the REGs are fixed as described in TS 38.211 [106]. The positions start at Resource Element #1, 5, 9, and so on, as illustrated in Figure 19.58. A DMRS scrambling ID pdcch‐DMRS‐ScramblingID is used to initialize a DMRS by the NG‐RAN, which is configured by the RRC layer and is provided to a UE as part of a CORESET of a PDCCH. If pdcch‐DMRS‐ScramblingID is not available at UE end, the physical layer cell ID is used instead to scramble/descramble the PDCCCH DMRS. –– PBCH – DMRS A DMRS is also transmitted as part of PBCH transmission, for its demodulation, in the same OFDM symbols: 1, 2, and 3 but with different RE/subcarriers in the frequency domain. Thus, each PBCH has a different DMRS. Mapping of PBCH‐DMRS to the frequency and time‐domain resources is described later in Section 19.6.13.

411

412

Mobile Communications Systems Development Frequency REG 0

1

Figure 19.58  Illustration: mapping of PDCCH and its DMRS to REs and an OFDM symbol.

2 3 4 5 6 7 8 9 10 11 12 13 14 15 ….. …….

PDCCH DMRS REs Time

●●

PDCCH REs

DMRS Overhead per REG = 25%

Phase Tracking Reference Signal (PTRS)

5G NR system envisages providing high‐speed mobile data services through transmission and reception of data at extremely high or mmWave length frequency. However, one disadvantage of operating at mmWave frequency is that transmitter and receiver are subject to suffer from unwanted phase noise which is caused by the mismatch in transmitter and receiver frequency oscillators. 5GR NR system introduces the PTRS in UL and DL directions to track the phase of the frequency oscillator and mitigate the performance loss due to phase noise. Similar to the DMRS, a PTRS is associated with a PDSCH or PUSCH and is transmitted in the same RBs allocated to them. To a UE, the NG‐RAN indicates the transmission/reception requirements of PTRS with PUSCH/ PDSCH as part of their configurations by the RRC layer through the IEs DMRS‐Downlink or Uplink Config ‐> phaseTrackingRS. DL PTRS is generated from the DMRS associated with a PDSCH, which is further scaled by a factor as described in TS 38.211 [106]. For more information on the process of allocation of frequency and time‐domain resources as well as UE requirements of transmission/reception along with the DMRS of PDSCH or PUSCH, refer to TS 38.214 [109] in association with UL and DL PTRS configurations through the RRC layer IEs PTRS‐ DownlinkConfig and PTRS‐UplinkConfig. 19.6.12.2  Sounding Reference Signals

Similar to other wireless communications system, in a mobile communication system, the different characteristics of a channel over which information is transmitted are subjected to undergo various radio environmental conditions such as the path loss, and multipath effects. Such factors further impact the overall performance of a communication system. It is important to measure the channel characteristics by the receiver and report it to the sender so that the different transmission parameters can be adjusted in subsequent transmissions with respect to the present channel states. The result of channel estimation in one direction can be also used for the decision to allocate resources in other directions, for example, in the case of the TDD system, where a single frequency is used for transmission/reception in the UL/DL direction. But in the case of the FDD system, separate frequencies are used in DL and UL directions between a UE and its base station. The UE reports back the status of the DL channel state as measured by it to its base station. Thus, a channel sounding is the process of measurement and estimation, by the receiver, i.e. UE, and acquisition by the transmitted, i.e. gNB, on the characteristics or knowledge of a channel based on a known sequence of an RS. Channel condition estimation using DMRS, which is available only when scheduled data transmission is available, by a UE within the allocated bandwidth resource for PDSCH/PUSCH was described above. However, a channel sounding process does not involve the transmission of a physical channel, i.e. PDSCH or PUSCH. Due to this, a channel sounding method can be used to estimate channel state outside the allocated, and small, bandwidth resource as well as in the absence of scheduled data transmissions in UL or DL direction. Two channel sounding methods used in the NR system through DL and UL RSs are described below.

5G NR Air Interface: User Plane Protocols

–– Downlink Channel Status Information Reference Signal (CSI‐RS) In the 5G NR system, the CSI‐RS, over a BWP, is used as the channel SRS in the DL direction. A UE uses the CSI‐RS to measure the DL channel state and reports it to the gNB. Such a CSI is used by the gNB to acquire channel state for an efficient and channel‐dependent scheduling of UE in the DL direction. CSI‐RS is also used for the Layer 1/layer beam management as well as for mobility, through handover procedure, management purposes at Layer 3, i.e. RRC layer. NR system specifies zero‐power (ZP), i.e. nothing is transmitted in mapped REs in time and frequency domain, and non‐zero‐power (NZP) CSI‐RSs. Like in the LTE system, in NR too a UE measures the DL channel qualities using the CSI‐RS and reports the result to the NG‐RAN/gNB. Please note that Table 7.4.1.5.3‐1 in TS 38.211 [106] defines the possible locations of an NR CSI‐RS, in terms of a resource element in the frequency domain and an OFDM symbol in the time domain, which can be derived by a UE. This table contains the CSI‐RS resource information such as the number of antenna port(s); densities of 0.5, 1, and 3 in the frequency domain; code domain sharing (CDM) type; frequencyDomainAllocation; and firstOFDMSymbolInTimeDomain. From Table 7.4.1.5.3‐1 in TS 38.211 [106], the location of a CSI‐RS in time and frequency domain is indicated to a UE by the NG‐RAN through the RRC layer IE CSI‐RS‐ResourceMapping. The density information contains the occurrences, in the frequency domain, of the CSI‐RS in a given RB of a BWP. CSI‐RS density of 1 indicates its appearance in every RB, whereas a density of 0.5 indicates its appearance in every other RB. In the time domain, a CSI‐RS can be periodic (between 4 and 640 slots, refer to periodicityAndOffsetperiodicityAndOffset TS 38.331 [116]), aperiodic (indicated through DCI 0_1), and semi‐persistent (indicated through DCI 0_1 and MAC CE) in type. Using these resources and Table 7.4.1.5.3‐1 in TS 38.211 [106], a UE determines the CSI‐RS currently the NG‐RAN is transmitting in the DL direction. Refer to TS 38.211 [106] for more information on the processes of a CSI‐RS sequence generation from a pseudo‐random sequence and their mapping to REs based this table. It may be noted that the transmission of a CSI‐RS is limited to a maximum of 32 different antenna ports (from 3000 to 3032), which is indicated by the RRC IE: nrofPorts. –– UL SRS The SRS is used as the reference sounding signal in the UL direction because using a UL DMRS, only the associated physical channel state, i.e. PUSCH and PUCCH, can be estimated. An SRS is not transmitted with any other UL physical channel. Using an SRS in the UL, which is equivalent to the CSI‐RS in the DL, channel state can be estimated at a different frequency outside UE allocated resource also. SRS estimation result is used by the NG‐ RAN to determine channel quality in the UL direction, and based on it, suitable radio resources with a good channel state are allocated to a UE for transmission in the UL direction. Similarly, as in the case of the LTE system, an SRS in the NR system can be a periodic as well as aperiodic type. An SRS can be transmitted in the frequency hopping as well as non‐ frequency hopping mode. RRC layer configures the UE SRS resource through the IE: SRS‐Config. Bandwidth allocation for the SRS can be between 4 and 272 RBs as defined in Table 6.4.1.4.3‐1 in TS 38.211 [106]. This means minimum bandwidth allocation for SRS is 4 RBs and thereafter in multiples of 4. A row from this table is selected using the information provided as part of SRS‐ Config information. In the time domain (l), an SRS can occupy a maximum of four OFDM symbols (SRC‐ config  ‐> …nrofSymbols) within the last six symbols of a slot as configured by the RRC layer SRC‐config ‐> SRS‐Resource ‐> resourceMapping ‐> startPosition. The starting position of the last symbol is 0; the starting position of the second last symbol is 1; and so on. Further, in the frequency domain, the SRS appears to be a comb‐like structure, i.e. SRS is transmitted at a particular subcarrier in comb style. The comb values (SRS‐Config ‐> transmissionComb) as configured by the RRC layer are 2 and 4. That is, SRS is transmitted at either every second or fourth subcarrier. Figure 19.59 illustrates an SRS transmission with comb value = 4, i.e. every fourth subcarrier, along with the time‐domain resources of four OFDM symbols allocated from the resourceMapping, starting from 1 to 4.

413

414

Mobile Communications Systems Development Frequency 1110 9 8 7 6 5 4 3 2 1 0

Resource Block

SRS 5 4 3 2 1 0 0 1 2 3 4 5 6 7 8 9 10 1112 13

1 Timeslot = 14 OFDM symbols Time Time-domain Resource Allocation for SRS

Figure 19.59  Illustration: time‐domain resource allocation for SRS.

Refer to TS 38.211 [106], 38.331 [116] for more information on the frequency domain resource allocation and mapping process applied to UL SRS. SRS generations from a base sequence and their mapping to REs are described in TS 38.211 [106]. It may be noted that the transmission of an SRS is limited to only four antenna ports.

19.6.13  Downlink Synchronization Similarly, as in the case of the LTE system, a UE upon its power on requires acquiring time (i.e. symbol and timeslot) and frequency synchronizations with an NR network to select a suitable cell and provide 5G services to users. This task is performed by a UE as part of its physical layer cell search and selection procedure, which is further followed by the acquisition of system information from the NG‐RAN. To help a UE to synchronize with the NG‐RAN, the NR physical layer transmits the synchronization signals in DL direction within a cell with a predefined signal and sequence. This procedure is similar to the LTE system. Further, to help a UE get synchronized with an NR network, the synchronization signals are put into predefined RE and OFDM symbols in the frequency and time domain. The overall process of UE synchronization within an NR system is described below. ●●

Physical Layer Cell identity (PCI)

Similar to the LTE system, a UE derives the PCI from the DL PSS and SSS. Also, in the NR system, the number of PCI groups is 336 (0–335) as compared to 168 in the LTE system. The PCI group (0 to 335) is obtained from the SSS. Each group contains three unique cell identities (0, 1, and 2) which indicates three PSS sequences within the PCI group. A cell identity can be obtained from the PSS. Refer to Section 7.4.2 in TS 38.211 [106] for the formula used to calculate the NR PCI. ●●

PSS, SSS, and Synchronization Signals Block (SSB) for Cell Search Procedure

The PSS is the first signal to be detected through correlation by a UE, which is followed by the detection of the SSS. In the LTE system, the PSS is generated from a Zadoff–Chu sequence, whereas in the NR system, the PSS is generated from an m‐sequence, as described in Section 7.4 in TS 38.211 [106]. Further, in the LTE system, the PSS is mapped to 72 subcarriers, whereas the NR PSS is mapped to 127 subcarriers. Using the combination of PSS and SSS, the UE derives the PCI of the associated cell. Once a UE is synchronized with NR‐RAN, it searches for the PBCH DMRS, which is used to demodulate the PBCH in association with the derived PCI since the information

5G NR Air Interface: User Plane Protocols

transmitted over PBCH is initialized with PCI by the NG‐RAN. UE decodes the PBCH bits and reads the minimum system information transmitted by the NR‐RAN over the PBCH, containing the MIB for UEs in the selected cell. Unlike the LTE system, in the NR system, the PSS, SSS, and PBCH are bundled and transmitted together as a single block which is called the Synchronization Signals and PBCH block (SS Block – SSB). An SS block, which starts with the PSS, is transmitted periodically through a set of resources in the frequency and time domain of RB over the Antenna Port #4000. A UE uses an SS block for the following purposes: –– To synchronize with the NG‐RAN; –– To read the system information broadcasted by the NG‐RAN; –– To perform beam management‐related procedures, which are described in the next section; and –– To find a cell as part of its initial cell search or during its idle or mobility state within the NR coverage area. For an overall structure of the SS block in frequency and time domain, refer to figure 5.2.4‐1 in TS 38.300 [111]. An SS block has a fixed size in the frequency and time domain of a carrier frequency. A complete SS block occupies 240 subcarriers (from 0 to 239) or 20 RBs in the frequency domain and four consecutive OFDM symbols, starting from 0 to 3 within the SS block, in the time domain. Refer to Section 7.4.3/Table 7.4.3.1‐1 in TS 38.211 [106]. From this table, the time and frequency domain resource which are mapped to the PSS, SSS, and PBCH/ DMRS are as follows: –– PSS is transmitted in the first OFDM symbol location index: 0 within the SS block and is mapped to center 127, out of 240, subcarriers/REs starting from 56 to 182 in the frequency domain. Each PSS symbol generated using the sequence generator mentioned in Section 7.4.2 in TS 38.211 [106] is mapped to one of these subcarriers. –– SSS is transmitted in the third OFDM symbol location index: 2 within the SS block and is mapped to center 127, out of 240, subcarriers/REs starting from 56 to 182 in the frequency domain. Each SSS symbol generated using the sequence generator mentioned in Section 7.4.2 in TS 38.211 [106] is mapped to one of these subcarriers. –– PBCH and its associated DMRS are transmitted with three OFDM symbol locations: 1, 2, and 3 within the SS block. When PBCH is transmitted in OFDM symbols 1 and 3, it occupies the entire 240 subcarriers, i.e. 0–239. However, the DMRS is also frequency multiplexed and transmitted in the same OFDM symbols 1, 2, and 3, which start at RE #0. –– Some of the subcarriers are empty such as 0–55 in OFDM symbol position #0. It may be noted that each PSS, SSS, and PBCH and its DMRS is scaled by its corresponding factor, as described in Section 7.4.3 in TS 38.211 [106]. ●●

SCS and Bandwidth of SS Block

SCS numerology 0 (15 kHz), 1 (30 kHz) for operating band 6 GHz with the normal CP are used for transmission of an NR SS block. Accordingly, the bandwidth of an SS block for these SCSs is 3.6 (=240 * 15 KHz) MHz, 7.2, 28.8, and 57.6 MHz, respectively. SCS for an SSB block is indicated through RRC layer IE: ServingCellConfigCommon ‐> ssbSubcarrierSpacing. The duration of the SS block also depends on the SCS being used, as illustrated below. ●●

SS Block Periodicity

It is configured by the RRC layer through the IE: ServingCellConfigCommon/ServingCellConfigCommonSIB ‐> periodicityServingCell. If the RRC layer does not configure the periodicity, the default value of the periodicity of the transmission of the SS block is assumed to be 5 ms. In the case of initial cell selection, the periodicity of transmission of SS block may be assumed as 20 ms.

415

416

Mobile Communications Systems Development ●●

Location of PBCH DMRS

From Table 7.4.3.1‐1 in TS 38.211 [106], it is observed that PBCH and its DMRS is transmitted in the same OFDM symbols 1, 2, and 3 in the time domain in a multiplexed way. However, depending on the PCI (last row, last column from Table 7.4.3.1‐1 in TS 38.211[106]) of a cell, the position of the DMRS varies in frequency domain across the different cells. The starting position of the PBCH DMRS can be RE #0, 1, 2, or 3 in the frequency domain. This is calculated using the PCI and formula (PCI mode 4) as mentioned in Section 7.4.3.1 in TS 38.211 [106]. Using the PCI, which has values from 0 to 1008, the starting position of the PBCH DMRS in different cells repeats as 0 1 2 3, 0 1 2 3, …. From this calculation, it is observed that in the frequency domain, the position of the DMRS across the different cells with different PCIs can be at RE #0, RE #1, RE #2, RE #3, RE #0, RE #1, and so on. As an example, and based on Table 7.4.3.1‐1 in TS 38.211 [106], a visual illustration on the allocation and length of the PSS, SSS, and PBCH/DMRS in frequency and time domain is illustrated in Figure 19.60 for physical cells satisfying the condition: mod (PCIs, 4) = 0. In this illustration, the starting position of the DMRS is shown to be at RE #0 with OFDM symbols 1, 2, 3 for typical cell IDs 0, 4,8,12, and so on. In the above illustration, the time‐domain positions of PSS, SSS, and PBCH/DMRS are concerning the SS block only. Depending on the SCS being used, the actual stating location of the first OFDM symbol of each SS block varies in the time domain, which will be described later at the end of this section. The frequency domain position of PSS and SSS is fixed, while it varies for PBCH and DMRS across different cells based on its PCI. For example, for physical cells satisfying the condition: mod (PCIs, 4) = 1, the starting position of the PBCH DMRS is RE #1, for a mod (PCIs, 4) = 2, the starting position of the PBCH DMRS is RE #2, and lastly, for a mod (PCIs, 4) = 3, the starting position of the PBCH DMRS is RE #3. ●●

SS Burst and SSB Index

In the NR system, PSS, SSS, PBCH, and its DMRS are transmitted in the form of a burst. A burst contains several SS blocks with a total duration of 5 ms. Recall the structure of an NR frame which is of 10 ms duration containing 10 subframes with 10 slots. An NR frame is divided into two half frames, and each has a 5 ms duration. An SS burst has a duration of a half‐frame, i.e. five subframes, of an NR frame. Each slot has 14 OFDM symbols in the case of Figure 19.60  Illustration: position of PSS, SSS, PBCH‐ DMRS within an SS block for cells with a mod (PCIs, 4) = 0.

Frequency 239 238 237 184 183 182 …. 56 … 47 … 4 3 2 1 0

0 0 0 …0 0 0 0 P P P 0 0 0 0 0 0 0 0

B B B … … D B B … D B … B D B B B D

B B B … … 0 0 S S S B … B D B B B D

B B B … … D B B … D B … B D B B B D

127 Subcarriers

P: PSS, S: SSS B: PBCH, D: DMRS

0 1 2 3 4 5 6 7 8 9 10 11 12 13 1 Timeslot = 14 OFDM Symbols Time

5G NR Air Interface: User Plane Protocols

a normal CP. However, as listed in Table 19.5, the number of slots per subframe depends on the SCS or numerology being used. Therefore, the number of symbols in an SS burst also varies depending on the SCS being used. For example, the number of slots per subframe is 8 in case the SCS 120 kHz is used; for SCS 240 kHz, the number of slots is 16. Consider that the SCS 120 kHz/numerology 3 is used in a cell. The total number of OFDM symbols to be transmitted for an SS burst can be calculated as follows: Number of OFDM symbols in SS burst with 120 kHz SCS = OFDM symbols per slot or frame * number of slots per subframe * SS burst duration = 14 * 8 *5 = 560. Thus, an array of 240 × 560 dimensions can be used to represent the above SS burst. SS blocks of an SS burst per half‐frame are identified through a bitmap which is provided as part of a cell configuration by the NG‐RAN. Depending on the SCS/operating carrier frequency range being used in a cell – short, medium, and long formats of a bitmap are used to identify different SS blocks of an SS burst. A particular bitmap indicates the maximum possible SS blocks configured and transmitted by the NG‐RAN in a particular cell. Such a bitmap indicating the SS blocks of an SS burst is provided to UEs in a cell through the RRC layer IEs: ServingCellConfigCommon ‐> ssb‐PositionsInBurst and ServingCellConfigCommonSIB ‐> ssb‐PositionsInBurst. The IE ServingCellConfigCommon ‐> ssb‐PositionsInBurst provides the bitmap length (Lmax) of 4 bits, 8 bits, and 64 bits, i.e. the maximum number of possible SS blocks in each bitmap is 4, 8, and 64 per SS burst per half‐ frame or 5 ms window. On the other hand, the IE ServingCellConfigCommonSIB ‐> ssb‐PositionsInBurst provides SS blocks bitmap length of (Lmax) 8 bits, but each bit further represents a group of 8 SS blocks, giving a total 64 SS blocks per half frame. This bitmap may be used in case millimeter‐wave radio frequency is used in a cell for transmission and reception between UE and NG‐RAN through the beamforming method. Beamforming shall be described later in Section 19.6.14. SS blocks bitmap length of 4 bits may be used for operating carrier frequency range up to 3GHz, 8 bits may be used for operating carrier frequency ranging from 3 to 6GHz, and 64 bits may be used for operating carrier frequency ranging from 6 to 52.6 GHz. Figure 19.61 illustrates the time‐domain allocation of the maximum number of SS blocks for the above bitmap lengths: 4/8/64 configured under the IE: ServingCellConfigCommon ‐> ssb‐PositionsInBurst. Figure 19.62 illustrates the time‐domain allocation of SS blocks for the above bitmap lengths: 8 bits configured under the IE: ServingCellConfigCommonSIB ‐> ssb‐PositionsInBurst. ●●

SS Block Pattern in the Time Domain for Different SCS

It has been mentioned above that an SS block, comprising PSS, SSS, and PBCH/DMRS, occupies four consecutive OFDM symbols in the time domain, i.e. within an SS block the position of PSS: 0th index, SSS: 2nd index, and PBCH/DMRS: 1st, 2nd, and 3rd indices. The number of candidate SS blocks transmitted per SS burst may also vary, which is indicated by the corresponding bitmap (4/8/64 bits) mentioned above. To decode a candidate SS block, a UE requires to know the patterns, i.e. the occurrences and positions, of the SS blocks within an SS burst that spans across five subframes. Further, the first symbol, i.e. PSS, of each candidate SS block within the 5 ms window depends on the SCS frequency being used in a cell. For example, if the SCS 15 kHz is used in a cell, the Figure 19.61  Illustration: organization of SS blocks/burst in the time domain for bitmap length:4/8/64 bits.

1 NR Frame = 10 ms

1

……..

Half Frame = 5

SS

0

……..

SS

SS

Index

SS

Half Frame = 5 SS

…………………… Lmax-1

417

Mobile Communications Systems Development 1 NR Frame = 10 ms Half Frame = 5

Half Frame = 5

Figure 19.62  Illustration: organization of SS blocks/burst in the time domain for bitmap group length: 8 bits.

SS 2

3

4

7

9 ……..15

SS

8

SS

SS

1 …….…7

…...

SS

Index 0

6

…... SS

SS

…...

5

SS

1

SS

Group Presence 0

SS

418

56 57……...63

total number of OFDM symbols is 70 (5 TS, i.e. half frame for SS block × 14 symbols per TS). Within these 70 OFDM symbols for 15 kHz SCS, the PSS of each candidate SS block may appear at different OFDM locations (i.e. 2, 8,16, 22) in the time domain within the 5 ms window. This is true for other SCSs also where the number of starting positions of SS blocks is different and increases with an increase in SCS with a maximum of 64 for SCS 240 kHz. As described in Section 4 in TS 38.213 [108], there are five cases, A–E, defined for FR1 and FR2 bandwidths, that provide the patterns of SS blocks in the time domain using which a UE can detect and decode an SS block of an SS burst transmitted by the NG‐RAN. Case A SS block pattern is defined for SCS 15 kHz; Case B and Case C for 30 kHz; Case D for 120 kHz; and Case E for 240 kHz. Such an SS block pattern is used by a UE as part of its synchronization and cell search procedure with NG‐RAN. Consider Case A with 15 kHz SCS and 4 bits long‐short bitmap to be used for SS blocks of SS burst. Also, consider that the NG‐RAN transmits every SS block of the SS burst, i.e. all the bits of the short bitmap are 1. The index (zero‐based) for the first symbol, i.e. for PSS, for each SS block, can be derived with the following inputs: –– Case – A, L = 4 blocks per burst, i.e. ssb‐PositionsInBurst ‐> shortBitmap = 1 1 1 1 –– SCS = 15 kHz –– n = 0,1 For n = 0, first OFDM symbol index for each SS block = [2, 8] + 14 × n = [2 + 14 × 0,8 + 14x0] = [2,8] For n = 1, first OFDM symbol index for each SS block = [2, 8] + 14 × n = [2 + 14 × 1, 8 + 14.1] = [16,22] Thus, SS blocks starting OFDM symbol indexes are = 2,8,16 22 Positions of each SS block (indexed from 0 to 3 with shaded boxes) with the above indices in the time domain are illustrated in Figure 19.63. Similarly, for the positions of SS blocks with SCS 30, 120, and 240 kHz for the cases B–E, refer to Section 4 in TS 38.211 [106]. At this point, a UE synchronized with a physical layer cell and acquired the system information from the NG‐ RAN. The next step for a UE is to register itself with the 5G core network through a random access procedure with NG‐RAN, which is described in Section 19.6.20. In summary, a UE performs the following tasks in sequence as part of an NR physical layer cell search procedure: –– PSS and SSS search –– PBCH DMRS search –– PBCH demodulation –– Decoding of BCH transport channel –– Read MIB

5G NR Air Interface: User Plane Protocols Frequency

SS block shortBitmap SS Block: 0

1

SS Block: 1

1

1

1

SS Block: 2

SS Block: 3 ….

0 1 2 3 4 5 6 7 8 9 10 1112 13 0 1 2 3 4 5 6 7 8 9 10 1112 13 TS 0 = 14 OFDM symbols = 1 ms

TS 1 = 14 OFDM symbols = 1 ms …. Time

Figure 19.63  Illustration: positions of SS blocks in the time domain for Case A and SCS: 15 kHz with a short bitmap.

19.6.14  Millimeter Wave Transmission, Beamforming, and Its Management One of the fundamental differences between the LTE and 5G NR systems is the provision for transmissions using a very high or mmWave carrier frequency, which is above 24 GHz, in the case of the NR system. Transmission with mmWave carrier frequency, whose wavelength is in millimeter, envisages providing high data rates communication services to users in the NR system in urban areas. At the same time, transmission with mmWave carrier frequency suffers from path losses along with other environmental conditions or factors such as obstacles and rain due to which the mmWave signal strength gets attenuated/reduces at the receiver end, resulting in poor data communication services. To help and overcome such path losses and reduced signal strength issues, a directional or beamforming transmission technique is used when the mmWave frequencies are used in the NR system. A beamforming technique is achieved by increasing or decreasing the gain of antennas in a specific direction through the usages of a large number of antennas, called massive MIMO, at the base station. Massive MIMO antennas generate a composite signal/beam which is transmitted in a particular direction in a cell. The number of antennas in massive MIMO can be up to 256, TR 38.913 [27]. The size of an antenna depends on the wavelength of a radio frequency being transmitted. Being a short wavelength of a mmWave frequency (recall frequency × wavelength = speed of light), the size of the antenna used to transmit it is also small, which makes it feasible to put a large number of antennas within a given antenna panel. Transmissions using low and mid carrier frequency range, like in the LTE system, take place through a single omnidirectional antenna system. A single omnidirectional antenna covers an entire cell coverage area. On the other hand, to achieve coverage and capacity, transmissions using a very high frequency/mmWave take place through the directional antenna system using the beamforming technique. This is because mmWave frequency transmission suffers from large path losses along its propagation paths which further reduces the signal strength at the receiver end. The direction or shape of a transmission pattern depends on the type of antenna being used. For a directional antenna, the transmission pattern is a lobe shape, whereas for an omnidirectional antenna, the transmission patterns are in a doughnut‐like shape. In the case of an omnidirectional antenna system, the transmission energy is radiated in all the directions of a cell, i.e. covers the entire coverage of a cell. On the other hand, in the case of a directional antenna system, the transmission energy is radiated in a particular direction only of a cell, and hence its lobe shape pattern. A directional transmission pattern increases the coverage distances of a cell, but it decreases the beam‐width or coverage area. Thus, a directional transmission does not cover the entire coverage area of a cell or all the UEs located at different locations within a cell. To overcome this situation and provide network coverage across the entire cell area, the beamforming technique is applied in the NR system in case of transmission with mmWave carrier frequency. Transmissions/receptions with the beamforming method deployed in an NR cell have several aspects as described below.

419

420

Mobile Communications Systems Development ●●

Beam Management

Beams are transmitted by the NG‐RAN/gNB, called a Transmit/Receive point (TRxP). Beam management is a set of physical and MAC functions and procedures which are performed by the NR MAC as well as the physical layer for transmissions/receptions in DL/UL directions in case mmWave frequency is used in a cell. Beam management also deals with the recovery of a beam failure which is detected between a UE and the NG‐RAN. The scope of beam management tasks is illustrated in Figure 19.64. ●●

Reference Signals for Beam Management

DL and UL RSs are used to carry out beamforming and its management‐related tasks between a UE and the NG‐RAN in UE RRC idle as well as the connected state. In UE idle state, beam management is performed using an SS block, transmitted by the NG‐RAN in the DL, over the initial DL BWP only. On the other hand, in UE RRC connected state, UE beam management is performed using the CSI‐RS transmitted by the NG‐RAN in the DL direction over the active BWP. The SRS is used for beam management purposes in the UL direction (RRC IE: SRS‐Config  ‐> usages). Beam management using these RSs is performed over the respective and allocated BWP only, other than the initial BWP. Beam management functions and procedures are described below. ●●

Beam Sweeping: NR Initial Beam Selection in UE Idle State

DL SS block transmission was described earlier in Section 19.6.13 as part of the initial NR physical layer cell selection procedure. In the NR system, several SS blocks are transmitted, in the form of an SS burst, in the DL direction at different times within a 5 ms window or half‐frame duration. The number of DL SS blocks of an SS burst depends on the operating carrier frequency range being used in a cell. For the sub‐6‐GHz frequency range, more than one SS block may be used. In case mmWave frequency range is used, several SS blocks per SS burst are used, which are provided and configured by the NG‐RAN through SS block bitmap as described earlier in Section 19.6.13. Each SSB represents one beam in a particular direction within a cell and is identified through an SS block index. Thus, to cover UEs located at different locations of a cell, multiple SS blocks with index: 1…Lmax‐1 are configured and transmitted by the NG‐RAN in DL direction in different directions at different and predetermined times within the 5 ms or half‐frame window time. This process of transmitting multiple SS blocks, each covering a part of a cell, in different directions at different times in DL direction is called Beam Sweeping in the NR system, which is illustrated in Figure 19.65. ●●

Beam Determination

Among the available SS blocks within a cell, a UE selects an SS block or beam as part of its initial cell search procedure to communicate with the NG‐RAN. For a beam determination and selection purpose, a UE uses the DL SS‐RSRP (secondary synchronization signal RS received power). SS‐RSRP is determined from the DMRS which is transmitted along with the PBCH of an SS block. Note that the CSI‐RS may be also used to determine the

Beam Sweeping

Beam Determination

Beam Management

Beam Measurement

Beam Reporting

Beam Failure Recovery

Figure 19.64  Illustration: NR beam management procedures.

5G NR Air Interface: User Plane Protocols NR Frame Time

…

….

SS Burst = 5 ms SS Block 1

SS Block 2

-R

C

S

CSI-R

I CS

SS Block 3

Beam1

S

SSB1

SSB2 Beam-2

SI

….

-R

……

SS Block N

SC#239

S

PBCH

Beam-n SSB N

….

0000 PSS

PBCH

SSS 0000

SC#0

PBCH

PBCH

240 Subcarriers

….

4 OFDM Symbols

Figure 19.65  Illustration: NR beam sweeping with multiple beams.

SS‐RSRP. Further, an RSRP threshold, called rsrp‐ThresholdSSB, for a beam selection is also configured by the RRC layer. UE selects an SS block or a beam, as illustrated above, whose SS‐RSRP is greater than the threshold rsrp‐ThresholdSSB as configured by the RRC layer. The process of selection of an SS block or beam by a UE is called as P‐1 procedure in the 5G NR system; refer to TR 38.912 [26], 3GPP R4‐1814656 [140]. Further, due to user movement or UE rotation or other environmental factors, a UE requires to select a better TRxP beam from time to time to maintain desired beam quality between the gNB/TRxP and UE. This procedure performed by a UE is called Beam Refinement (P‐2) procedure, TR 38.912 [26], 3GPP R4‐1814656 [140]. Thus, the procedures P‐1 and P‐2 deal with beam sweeping at the gNB end. There is another procedure which is called as P‐3, TR 38.912 [26], 3GPP R4‐1814656 [140], where the gNB transmit the same beam, but the UE uses different received beams for UE beam sweeping and Rx beam refinement purposes to select the best received (Rx) beam by it. Thus, the purposes of the P‐1, P‐2, and P‐3 procedures are to find the best Transmit (Tx) beam at the gNB end and Receive (Rx) beam at the UE end. For more supplementary information, the reader may refer to R1‐1610239 [141]. –– Beam Correspondence Among the various capabilities of a UE, one mandatory and key capability is the Beam Correspondence, TS 38.101 [102], and RP‐182580 [138] for FR2. A Beam Correspondence is the capability of a UE to select a beam for its UL transmission based on the DL signal measurements. As a result of a beam correspondence, the gNB and a UE use the same beam for their transmissions as well as receptions and vice versa. A beam correspondence is illustrated in Figure 19.65 where a beam is used for transmission and receptions, shown by arrows, between the gNB and a UE. A UE indicates the support of a beam correspondence capability to the NG‐RAN, either through the selection of a beam autonomously or through a UL beam sweeping/refinement method. A UE provides the beamCorrespondenceWithoutULBeamSweeping capability information to the NG‐RAN. If a UE supports a beam correspondence with NG‐RAN, UE UL beam refinement is not required. For more information on the UE beam management‐related capabilities indication to the NG‐RAN, refer to TS 38.306 [112]. Using the selected beam through a beam correspondence, a UE transmits the random access preamble to the NG‐RAN as part of the MAC random access procedure described earlier in Section 19.5.3. The NG‐RAN allocates necessary radio resources and provides them to a UE over the same beam on which the RACH procedure was received from the UE.

421

422

Mobile Communications Systems Development

Usages of a beam correspondence between the gNB and a UE result in the improved network performances in terms of reduction of signaling overheads and time to select a right beam during the initial network access by a UE. For more information on the benefits of usages of a beam correspondence in NR, refer to 3GPP RP‐182452 [139]. ●●

Beam Level (Downlink) Measurement and Reporting

Similar to a serving cell‐level DL signal quality measurement configuration, the RRC layer may configure UEs to perform beam‐level measurement (refer to IE: MeasurementReport ‐> MeasResultNR in TS 38.331 [116]) and report the results to the NG‐RAN. Such measurement results may be used for the Layer 3/RRC layer, mobility management purposes through a handover procedure. Beam level DL measurements from several beams are used to derive the corresponding cell‐level DL quality. Beam‐level measurement can be performed while a UE is in RRC idle or connected state. In UE idle state, SS blocks, over the initial BWP, are used, whereas in the connected state, CSI‐RS, over the active BWP, is used for beam level DL measurement purposes. Since each SS block or CSI‐RS is identified through an index, a measurement report from UE to NG‐RAN is provided at the SS block or CSI‐RS index level. Refer to TS 38.215 [110] and TS 38.133 [104] for more information on SSB and CSI‐RS‐based NR physical layer intra‐ and inter‐frequency measurements; refer to TS 38.331 [116] for configuration and reporting processes of various measurements as indicated by RRC layer to UEs. NR measurements for Layer 3 mobility purposes shall be described further in Section 19.6.16. ●●

Link Recovery: Beam Failure Detection (BFD)

Due to varying environmental and RF channel state, and other obstacles, the signal strength of the current/ serving beam in use by a UE may become degraded and is no longer possible to continue using to communicate with the NG‐RAN. In such a scenario, the UE MAC layer requests and triggers the beam recovery procedure by transmitting a random access preamble toward the NG‐RAN. Before initiating a beam recovery procedure by the UE MAC layer, the UE physical layer detects a beam failure instance (BFI) and indicates it to the MAC layer. An instance of a beam failure is indicated from a UE physical layer to its MAC layer which is based on the RS resources – CSI‐RS or SS block configured under the RRC layer IE: failureDetectionResources. The Synchronization Signal‐based Reference Signal Received Power (SS‐RSRP) metric is used for SSB measurement, and the CSI‐RSRP metric is used for CSI‐RS measurement purposes; refer to TS 38.215 [110]. For beam failure detection purposes, DL radio link quality is determined by comparing the monitored results against a link recovery threshold, called Qin and Qout; refer to TS 38.133 [104]. Further, the thresholds are linked to a target block‐level error rate (BLER = #of erroneous transport block/Total transport block transmitted) of a hypothetical, not actual, PDCCH transmission in a DL direction. By comparing the DL radio link quality, which is based on the measured SSBs and/or CSI‐RSs RSs, to the link recovery thresholds, a UE detects a beam failure or a recovery instance. The default BLER‐level criteria for consideration of a BFI is 10% (i.e. worse quality), as mentioned in Tables 8.5.2.1‐1/8.5.3.1‐1 in TS 38.133 [104]. At this BLER level, a DL radio link cannot be received reliably by a UE, thus leading to a BFI between UE and the NG‐RAN. A UE performs the DL radio link quality measurement, based on periodic CSI‐RS, within the active DL BWP only to detect a BFI. If the UE MAC layer finds that the number of such BFIs, considering the qualities of all the CSI‐RSs, from the physical layer has exceeded the maximum value as configured under the RRC layer IE: beamFailureInstanceMaxCount, the UE MAC layer considers it as beam failure. UE MAC layer beam failure detection‐ related parameters are configured by the RRC layer through the IE: RadioLinkMonitoringConfig. ●●

Link Recovery: Beam Failure Recovery (BFR)

As described above, whenever the DL radio link quality of the DL RSs, i.e. CSI‐RS or SSB, transmitted by the NG‐RAN exceeds the configured BLER‐level threshold of PDCCH, the UE will consider it as a BFI. The UE physical layer will attempt to recover a radio link by sending a BFI indication to the UE MAC layer. The UE will select a new candidate beam whose SS‐RSRP or CSI‐RSRP is greater than its respective threshold, i.e. rsrp‐ThresholdSSB and rsrp‐ThresholdCSI‐RS.

5G NR Air Interface: User Plane Protocols

As part of a beam recovery procedure, a UE MAC layer selects a candidate beam from the BeamFailureRecoveryConfig ‐> candidateBeamRSList provided by the RRC layer and transmits a contention free RACH preamble to the NG‐RAN. The RACH preamble, its index, and the PRACH occasion correspond to the selected beam from the candidate list. If no such information is provided from the NG‐RAN/gNB, the UE will perform a contention‐based random access procedure. Further, the contention free RACH procedure is controlled by the timer beamFailureRecoveryTimer. On the expiry of this timer, a contention‐based RACH procedure is performed by the UE. In both the cases, i.e. contention‐free access and contention‐based random access, if the UE does not receive a random access response from the NG‐RAN/gNB even after the maximum retries with transmission power being ramped up, the UE will declare a radio link failure (RLF) and re‐establishes an RRC connection with NG‐RAN/gNB in the serving cell. The RRC layer, at gNB, configures UE MAC layer beam failure recovery‐ related parameters through IE: BeamFailureRecoveryConfig. Detection of a beam failure and its recovery procedures together constitutes the link recovery procedure in the NR system. Thus, the NR beam failure detection and recovery processes, which are performed at UE Physical (L1) and MAC layer (L2), as described above, can be summarized and consist of the following steps with the illustration shown in Figure 19.66: –– Detection of a beam failure –– Selection of a new beam from the given candidate beams (candidateBeamRSList) –– Beam failure recovery attempt by a UE through a random access procedure, which can be contention free (using the RACH information provided in RRC IE: BeamFailureRecoveryConfig) or contention based, to the NG‐RAN/gNB –– Beam failure recovery response through a random access response from the NG‐RAN/gNB to UE. If a BFR fails, an indication is sent to the RRC layer. Figure 19.66  Illustration: NR beam failure recovery procedure.

UE Physical Layer

Beam Failure Instance (BFI)

BFI Counter > MAX Count Yes Beam Failure Detected

UE MAC Layer

Select a new Beam

Perform RACH Procedure Yes No

RACH Response from gNB?

BFR Success

No RACH Max Retry Exceeded? Indication

Yes Radio Link Failure

[RRC CONNECTED] RRC Connection Re-establishment

No Suitable Cell

RRC IDLE

UE RRC Layer

423

424

Mobile Communications Systems Development

For more information on the NR BFD ad BFR procedure performed by its physical and MAC layer, refer to TS 38.213 [108]/TS 38.133 [104] and TS 38.321 [113]. The next section describes another similar procedure that is performed at a cell level by the NR UE physical layer and RRC layer and is called a Radio Link Monitoring procedure.

19.6.15 Cell‐Level Radio Link Monitoring (RLM) DL radio link quality measurements, which are based on the SS‐RSRP or CSI‐RSRP or both, for beam failure detection and its recovery purposes, have been described in the previous section. A radio link recovery procedure, which consists of beam failure detection and its recovery tasks, is performed at the NR Layer 1 (Physical) and Layer 2 (MAC). However, a DL radio link monitoring may be also performed at NR Layer 3, while a UE is in the RRC CONNECTED state. This is due to the varying and dynamic nature of an RF channel state where a UE in its RRC CONNECTED state requires to monitor the DL radio link quality over the active BWP of the cell. A UE performs radio link monitoring so that services are not interrupted to its user. UE uses the DL RLM reference signals (RLM‐RS), i.e. CSI‐RS based or SSB based or both, to monitor the DL radio link quality in a cell. In both of these methods, DL radio quality is determined by comparing the monitored results against two thresholds, Qin and Qout, as described in TS 38.133 [104], which is similar to the threshold used for a beam failure detection and recovery purposes as described in the previous section. Further, the thresholds are linked to a target block‐level error rate (BLER = #of erroneous transport block/Total transport block transmitted) of a hypothetical, not actual, PDCCH transmission in a DL direction. The thresholds are used to detect whether a DL radio link with quality as perceived by a UE can be considered as a cell‐level out of synchronization (OOS), i.e. problem at the physical layer and hence an RLF, or in synchronization (IS), i.e. physical layer problem recovered and no more RLF. OOS for a UE in RRC CONNECTED state indicates a problem at NR physical layer, and hence a radio link cannot be received reliably by a UE. In‐synchronization indicates a normal condition, as well as no more problem at the physical layer, and hence the radio link can be received more reliably by a UE. The default target BLER level for out‐of‐synchronization consideration criteria is 10% (i.e. worse quality), and for in‐synchronization or normal consideration criteria, the target BLER level is 2% (i.e. better quality), as mentioned in Table 8.1.1‐1 in TS 38.133 [104]. The UE RRC layer is intimated accordingly for such physical layer events, i.e. out‐of‐sync, in‐sync, based on which either an RLF is declared or recovered or enter into RRC idle state by the UE as specified in TS 38.331 [116]. BLER level for an out‐of‐synchronization condition is detected based on typical PDCCH transmission parameters as mentioned in Table 8.1.2.1‐1 (for SSB‐based link monitoring) and Table 8.1.3.1‐1 (for CSI‐RS‐based link monitoring) in TS 38.133 [104]. Similarly, to consider the DL radio link as in‐synchronization or normal, the target BLER‐level requirement is 2% (i.e. better quality), as mentioned in Table 8.1.2.1‐2 (SSB based) and Table 8.1.3.1‐2 (CSI‐RS based), in TS 38.133 [104]. Note that the BLER level for out‐of‐synchronization and in‐synchronization threshold may be provided by the RRC layer also through the IE: rlmInSyncOutOfSyncThreshold. Further, depending on the operating frequency range, i.e. FR1 or FR2, being used, the RRC layer configures the reference signals (CSI‐RS or SSB) to be used for radio link monitoring purposes through the IE: RadioLinkMonitoringConfig ‐> failureDetectionResources; refer to Table 5‐1 in TS 38.213 [108] and Table 8.1.1‐2 in TS 38.133 [104]. The periodicity to measure and indicate a radio link as out‐of‐ synchronization or in‐synchronization from UE physical layer to the RRC layer is defined in Table 8.1.2.2‐1/2 (FR1/FR2) TS 38.133 [104], for SSB based, and in Table 8.1.3.2‐1/2 (FR1/ FR2) TS 38.133 [104], for CSI‐RS‐based DL radio link monitoring. The result of DL RLM is reported to the UE RRC layer with status either as out of sync or in sync based on thresholds as mentioned above. Upon detection of an RLF, the UE, in RRC CONNECTED state, re‐establishes the RRC connection by sending the RRCReestablishmentRequest message to the NR‐RAN in the serving cell or may enter into the RRC idle state if a suitable cell is not found. RRC layer configures RLM along with the beam failure

5G NR Air Interface: User Plane Protocols

recovery‐related parameters through the IE: RadioLinkMonitoringConfig. The purpose of configuration, i.e. beam failure or RLF and the detection resource, i.e. SS block or CSI‐RS, is specified using the IE: RadioLinkMonitoringRS. Refer to TS 38.331 [116] for more information on these parameters and UE actions taken upon the detection of an RLF. Figure 19.67 illustrates the RLF detection process at UE end, in RRC CONNECTED state, using RLF‐related timers and counters. An RLF declaration by a UE is based on the expiry of the RRC layer T310 timer at UE end. Timer T310 at the UE RRC layer expires as a result of consecutive indications of the UE physical layer problem, i.e. out‐of‐synchronization, to its RRC layer. Also, counters such as the N310/311 and timers T310/311 are used at the UE RRC layer for detection of an RLF issue in an NR cell, and they are configured by the RRC layer at NG‐ RAN through the IE: RLF‐TimersAndConstants, TS 38.331 [116]. From Figures 19.66 and 19.67, we can note one difference between beam failure detection and its recovery and the RLF monitoring processes that in the case of the former one, a beam failure indication from the physical layer is counted by the MAC layer. On the other hand, in the case of an RLF monitoring process, an out‐of‐sync or in‐sync indication from the physical layer is counted by the RRC layer. However, both the processes use the same RS as well as the BLER limit of a hypothetical PDCCH. It may be noted that a UE may also declare the occurrence of an RLF if the maximum retransmission count of an SDU by the RLC layer in its AM has reached the threshold. In summary, in the NR system also, an RLF at UE end may occur due to the failure of a random access procedure during a BFR or a physical layer issue, i.e. out‐of‐sync, or exceeding of maximum retransmission limits of an RLC layer SDU. The occurrences and clearance of an RLF problem may be notified to the operation and maintenance (O&M) operator through a suitable alarm, as described earlier in Chapter 15.

UE Physical

BLER = 2%

BLER = 10%?

Layer Measurement

Yes

Yes

Recovery and In-sync Indication from Physical layer

Out-of-sync Indication from Physical Layer Yes

Yes

++N310 N311 = 0 (Reset)

N310 = 0 (Reset) ++N311 UE RRC

Yes No

N310 > Max?

Layer

No

N311>Max? Yes

Yes Start T310

T310 Expired?

Stop T310 No

Yes UE RLF

No Suitable Cell

[RRC CONNECTED]

RRC IDLE

RRC Connection Re-establishment

Figure 19.67  Illustration: UE RLF due to out‐of‐synchronization indication/BLER.

425

426

Mobile Communications Systems Development

19.6.16  RRM Measurements for UE Mobility UE beam failure detection and its recovery as well as radio link monitoring have been described in the previous Sections 19.6.14 and 19.6.15 which are based on the DL radio link quality measurements using the SS‐RSRP and CSI‐ RSRP RS. Such a failure detection and its recovery at an NR beam level (intra cell) are performed at the UE Layer 1, i.e. physical layer, and Layer 2, i.e. MAC layer, for an idle and stationary UE. In a beam level (intra cell) failure detection and recovery process, no signaling connection exists at the RRC (Layer 3) level between a UE and the NG‐RAN. Similar to the previous generation mobile communication systems, one basic functionality of the NR system for the continuation of ongoing communication services of a UE is to support the UE and its user mobility at a cell level as the UE/user moves from one cell to another cell within a coverage area. A UE/user mobility at a beam level, within a cell, is also required to be supported through the beam management procedures, as described in Section 19.6.14. A cell‐level mobility shall be required to be supported for an idle as well as connected UE and its user. For a UE in RRC CONNECTED state, its cell‐level mobility is supported by transferring the RRC signaling connection to the target cell through a handover procedure as described earlier in Section 18.5.5. For a UE in RRC idle state, its cell‐level mobility is supported through a cell selection and reselection procedure which is performed by the UE. Such a UE mobility requirement is accomplished by measuring the DL radio link quality of the serving as well as neighbor cells by the UE. Further, for a UE in RRC CONNECTED state having an RRC signaling connection with the NG‐ RAN, the UE reports the measurement results to the NG‐RAN. Requirements for reporting of measurement results are configured by the NG‐RAN to a UE. Based on the measurement results and reports, the NG‐RAN may decide to handover a call of a UE in its RRC CONNECTED state. Such measurement result inputs used by the NG‐RAN to manage the mobility of a UE through a handover procedure is called as Radio Resource Management (RRM) measurements, which is also performed in the previous generation mobile communication systems. Thus, the basic principles of overall RF measurements in the NR system are similar to the procedure used in the LTE system. However, there are differences also between the LTE and NR measurement procedures because of multibeam‐based operations and the absence of cell‐specific RSs in the NR system. Different aspects, i.e. basis of measurements, framework, and overall working procedure, of an RRM procedure used in the NR system are described next. 19.6.16.1  RRM Measurement Signals and Their Quantities

In the NR system, an RRM measurement may be based on the SS block(s) or CSI‐RS signal. The NG‐RAN configures a UE to perform an SS block or CSI‐RS‐based measurement in RRC idle, inactive, and connected states using their respective measurement metrics/quantities mentioned below. –– Reference Signal Received Power (RSRP): The metric SS‐RSRP is used for SS‐based measurement and CSI‐ RSRP is used for CSI‐RS‐based measurement. SS‐RSRP provides the linear average over the power contributions of the REs that carry Secondary Synchronization Signals. CSI‐RSRP provides the linear average over the power contributions of the REs of the antenna port(s), e.g. 3000, 3001, and so on, which carry CSI reference signals configured for CSI‐RS‐based RSRP measurements. –– Reference Signal Received Quality (RSRQ): The metric SS‐RSRQ is used for SS‐based measurement and CSI‐ RSRQ is used for CSI‐RS‐based measurement. RSRQ is the ratio of respective RSRP to the RSSI (received signal strength indication) over several resource blocks within the measurement bandwidth. –– Signal‐to‐Noise and Interference Ratio (SINR): The metric SS‐SINR is used for SS‐based measurement and CSI‐SINR is used for CSI‐RS‐based measurement. SINR is derived from the linear average over the power contribution of the REs that carry the SSSs or CSI‐RS divided by the linear average of the noise and interference power contribution over the REs that carry the SSSs or CSI‐RS. For the definition of the above metrics/quantities of SS block or CSI‐RS‐based measurements, refer to TS 38.215 [110]. In the LTE system also, similar metrics for RRM purposes are used. Measurements of the above metrics/ quantities depend on the state of the RRC layer at UE end. The SINR is measured in RRC CONNECTED state

5G NR Air Interface: User Plane Protocols

only. Similarly, the CSI‐RSRP and CSI‐RSRQ are measured in UE RRC CONNECTED state only. Using these metrics, the NG‐RAN may configure a UE to perform the following types of DL radio link measurements. –– NR intra‐frequency, where the center frequency as well as the SCS used in the serving cell as well as neighbor cells are the same; –– NR inter‐frequency measurements; and –– Inter‐RAT, LTE/E‐UTRAN only, measurements. 19.6.16.2  RRM Measurements Framework

Similar to the LTE system, a measurement framework between a UE and the gNB is used in the NR system also to perform an RRM measurement by the UE, and its reporting to the gNB, using the metrics described above. An RRM measurement framework in NR also consists of the following components to perform intra/inter‐frequency and inter‐RAT measurements. –– Measurement objects for LTE/E‐UTRAN and 5G NR, i.e. carrier frequency, subcarrier spacing (for NR), SS‐ block, CSI‐RS, and so on, to be measured by a UE. Refer to IE MeasObjectNR, TS 38.331 [116]; –– Reporting configurations, i.e. periodical or event‐based reporting, RS to be measured (i.e. SSB or CSI‐RS); –– Measurement identities; –– Quantity configurations, i.e. the SS block or CSI‐RS to be measured as well as the Layer 3 filtering coefficient to be applied for a particular measurement quantity; –– Measurement gaps; and –– SS Block Measurement Time Configuration (SMTC) window. Figure 19.68 illustrates the possible associations among the above components of the NR RRM measurement framework. Figure  19.68 illustrates a list (1…N) of measurement objects and reporting configurations. A measurement object and a reporting configuration are assigned with a measurement identity. Further, a measurement object may be associated with more than one reporting configurations with unique measurement identities. All such logical objects of a measurement framework are configured by the NG‐RAN to a UE through the IE: measConfig in the RRCReconfiguration message; TS 38.331 [116]. ●●

RRM Measurements Events for Reporting

Based on the configuration information provided by the NG‐RAN under the above measurement framework, a UE performs the DL radio link measurements in a cell. A UE reports the measurement results to the NG‐RAN based on certain events, which are similar to the LTE system. Such events may be classified into two categories as mentioned below. Meas.

Meas.

Quantity Config

Quantity Config

Measurement Object 1

Measurement Object 2

Meas. ID = 1

Meas. ID = 2

Reporting Config1

Meas. ID = 3

Meas. Quantity Config

ID = 4 Meas. Meas. ID = 5

Reporting Config2

Figure 19.68  Illustration: NR RRM measurements framework.

Measurement Object N Meas. ID = 6 Reporting Config N

427

Mobile Communications Systems Development

–– Events (A1–A6) used for reporting intra and inter NR frequency measurement results to the NG‐RAN; –– Events (B1–B3) used for reporting inter‐RAT frequency measurement result in the NG‐RAN. Each event mentioned above has its exit and entry criteria; refer to TS 38.331 [116]. An event is triggered on fulfilling its criteria, and the measurement result is reported from a UE to the NG‐RAN. Prior to the evaluation of the criteria of an event, a Layer 3/RRC layer filtering is used. ●●

Measurement Gap

While a UE is engaged in transmission/reception within its active BWP in its serving cell, it may not be able to perform DL radio link measurements for the intra‐ and inter‐frequency as well as inter‐RAT signals and their quantities provided in a measurement object to the UE. For such UEs, a measurement gap is provided by the NG‐RAN during which the UE does not transmit/receive in its serving cell but measures the DL radio link quality of signals and their quantities, outside the active BWP, provided in the measurement object to it. The NG‐RAN provides measurement gap information in the form of a measurement gap pattern; refer to Table 9.1.2‐1 in TS 38.133 [104]. A measurement gap pattern consists of Measurement Gap Length (MGL) and Measurement Gap Repetition Period (MGRP), both are specified in milliseconds. As shown in Figure 19.69, a measurement gap includes RF switching time also at the beginning and end of a measurement process. ●●

SMTC window duration

The SMTC window is a new concept that has been introduced as part of the NR RRM measurement process. An SMTC window is defined, with a periodicity, offset, and duration, within a measurement gap. Within an SMTC window duration only, a UE measures the DL radio link signal strength and quality for the serving cell as well as its neighbor cells as configured by the NG‐RAN to the measuring UE. Only the SSB blocks that fall within the SMTC window are measured. Figure 19.69 illustrates the usages of a measurement gap and its SMTC window (indicated by the rounded dotted rectangle), which are used during an NR RRM measurement process, for a typical serving cell and one neighbor cell. As illustrated in Figure 19.69, within an SMTC window, the UE measures four SS blocks in its serving cell, which can be specified through the IE: MeasObjectNR ‐> SSB‐ToMeasure, TS 38.331 [116].

Measurement Gap Repetition

RF Switching Time

SMTC Window (ms)

SSB

SSB

SSB

SSB

SSB

SSB

SSB

Neighbor Cell

SSB

SSB

SSB

SSB

SSB

SSB

Measurement Gap

SSB

SSB

SSB

SSB

Measurement Gap (ms)

SSB

SSB

SSB

SSB

SSB SSB SSB

SSB

SSB

SSB

SSB

SSB

Measurement Gap (ms) RF Switching Time

SSB

428

Serving Cell

SMTC Window (ms)

Time

SMTC Window Periodicity

Figure 19.69  Illustration: NR RRM measurement gap and SMTC window.

5G NR Air Interface: User Plane Protocols RRM Measurements Process

Config.

Perform Meas.

Conditions Evaluations

Reporting

Action by gNB

Figure 19.70  Illustration: NR measurements process.

19.6.16.3  Overall RRM Process

In the previous Sections 19.6.16.1 and 19.6.16.2, NR measurement metrics and their framework have been described. Using the measurement matrices and its framework, the overall NR measurement process, which involves both the UE and gNB, contains several stages, as illustrated in Figure 19.70. The gNB configures the measurement requirements and its reporting criteria toward a UE using the RRC layer signaling message described below. –– Measurements Configurations In this step, using the RRCReconfiguration message, the gNB configures the measurement‐related information to a UE such as the criteria, i.e. periodical or event‐driven, for measurements reporting to gNB; the measurement gap to be used by a UE; and the type of cells, i.e. serving cell, listed cell, or detected cell. The eNodeB provides the measurement‐related information as well as other information such as thresholds and hysteresis to a UE through the RRC layer signaling message IE: MeasConfig. Each measurement configuration is identified by a corresponding measurement identifier that is used during the reporting step from the UE to the gNB. –– Perform Measurements In this step, a UE performs the actual measurement of various matrices described earlier. –– Conditions Evaluations In this step, a UE evaluates the reporting conditions of measurement results to be reported to the gNB. The conditions are based on the measured value of the received signal strength and quality as well as the other information provided during the configuration of a particular measurement. A UE measurement and reporting is termed as an event (A1–A6, B1–B3), as described earlier. –– Measurement Reporting In this step, a UE reports the measurement result performed by it to the gNB using the RRC layer message MeasurementReport. The measurement result contains the measured value of the RSRP and RSRQ for the serving cell and its neighbor cells. –– Measurement Action In this step, for a UE in its RRC connection state, the gNB may decide to initiate a handover of the ongoing call to another cell or network based on the measurement report provided by the UE. For a UE in its RRC idle state, it may select the best cell among the measured ones and perform a cell reselection to make it as the serving cell. Example 19.11 illustrates a practical scenario where the DL signal level is measured and displayed by a UE from its live network.

429

430

Mobile Communications Systems Development

Example 19.11  Intra‐/Inter‐Frequency NR and Inter‐RAT DL Signal‐Level Measurements by Mobile Device with Multiple SIMs Use a mobile app for network signal measurement purposes. Insert two SIMs of different RATs, e.g. one 4G SIM and one 5G SIM. In case if both the SIMs are 5G, set the preferred network for one SIM as 4G. Using the mobile APP, one can observe the intra‐/inter‐frequency NR and inter‐RAT DL signal‐level measurements as follows. ●● ●●

RSRP – DL signal strength (in dB) for LTE E‐UTRAN and 5G NG‐RAN. RSSI ‐ DL signal strength (in dB), for LTE E‐UTRAN and 5G NG‐RAN.

The mobile device will measure and display the DL signal levels and quality (RSRQ) received from the E‐ UTRAN and 5G base stations.

19.6.17  Channel State Information (CSI) In a wireless communications system, the RF channel state does not remain the same but varies from time to time due to various environmental factors. Also, as a mobile user moves from one area to another area, the mobile device experiences different signal quality and strength. It also depends on the current position of the user. Under such conditions, the transmitter or the base station needs to know the current state of the DL channel for effective transmissions with multiple antennas and good signal quality. The base station adapts the subsequent data transmissions with the current channel states/properties to provide reliable and high data rates services, especially with multiantenna transmissions with the MIMO method, to a UE/user. Similar to the LTE system, a DL channel state is measured at a receiver, i.e. UE, end and is reported back to the transmitter, i.e. gNB. To manage such dynamic environmental conditions for transmissions with multiple antennas and MIMO method, a UE measures the DL non‐zero powered (NZP) CSI Reference Signal (NZP CSI‐RS) and CSI‐Interference Management (CS‐IM) signals received, for a given number of antenna ports, from the gNB over a particular BWP. The CSI‐RS was described earlier in Section 19.6.12. Using these reference signals, a UE measures and reports the current channel state as experienced to be best by it to the gNB over the PUCCH or PUSCH. Based on the CSI and its recommendations, the gNB may adjust the current resources allocated to a UE dynamically in terms of the number of transmission layers for DL single‐user or multiuser MIMO transmissions, allocation of a more robust coding scheme, and so on so that error‐free information is delivered to the UE. ●●

Framework of CSI Measurements and Reporting

The NR framework of CSI reporting from a UE to the gNB consists of two components  –  CSI Reporting Configurations and CSI Resource Configurations. Both are configured by the RRC layer using its IEs: CSI‐ ReportConfig and CSI‐ResourceConfig, containing the frequency domain and time‐domain information to be measured and reported by a UE to gNB. –– CSI Report Configuration CSI report configuration includes the parameters, and their periodicity, to be reported by a UE to the gNB. The names of CSI parameters (IE: reportQuantity) are Channel Quality Indicator (CQI), Precoding Matrix Indicator (PMI), SS/PBCH Block Resource indicator (SSBRI), CSI‐RS resource indicator (CRI), RI, Physical Layer RSRP, and Layer indicator (LI). The time‐domain information of CSI reporting configuration contains the periodicity of reporting which can be periodic, aperiodic, and semi‐persistent. A periodic CSI report can be sent over the PUCCH only; a semi‐persistent CSI report can be sent over the PUCCH or PUSCH; and an aperiodic CSI report can be sent over the PUSCH only, which is activated by the gNB over a DCI. The frequency domain information of CSI reporting settings contains the flexible granularity of the frequency band to be measured and reported, which can be a wideband or sub‐band, i.e. small portion. Similar frequency band granularity is used in the LTE system also. A semi‐persistent or aperiodic CSI report based on a wideband and sub‐band measurement can be transmitted over

5G NR Air Interface: User Plane Protocols

the PUSCH. An example of a wideband measurement includes the combinations of the CSI parameters such as the CRI, RI, PMI, CQI, or CRI, LI, PMI, and CQI. Further, a CSI report configuration includes codebook configuration also, which can be of Type I or Type II. –– CSI Resource Configuration The CSI resource configuration includes the RS, i.e. CSI‐RS (NZP), or Synchronization Signal Blocks (SSB) and CSI‐IM along with the BWP to be used for CSI measurement at UE end. A CSI resource configuration contains more than one CSI resource set (RRC IE: NZP‐CSI‐RS‐ResourceSet). A UE can be configured with a CSI resource set consisting of a single (with multiple ports, up to Max: 32 ports) or multiple CSI‐RS resources, or SS block resource(s). SSB resources are used for beam measurements and reporting purposes. Based on these resources sets, the current DL channel state is measured by a UE and is reported to the gNB. The periodicity of a CSI resource configuration can be periodic, semi‐persistent, or aperiodic in type. ●●

CSI Parameters Reported by UE (RRC IE: reportQuantity)

PMI/RI – A PMI and RI indicate the appropriate precoding matrix for a particular rank or layer that may be used for the next DL MIMO transmission, over the PDSCH, by the gNB to the reporting UE. The purpose of a precoding matrix was mentioned earlier in Section 19.6.10.4. A precoding matrix, containing the complex value (j), used for MIMO transmission, is defined in terms of a codebook. A codebook is defined for each layer of a MIMO transmission. The number of columns in a precoding matrix is equal to the number of layers used for a MIMO transmission. Layer Indicator – The LI parameter indicates the particular layer, or column in a codebook, that the UE measures to be the best layer among the layers reported as part of a PMI. CQI – A CQI from a UE indicates its desired MCS to be used by the gNB for DL transmission over the PDSCH. CQI indices are defined for the different MCSs, i.e. QPSK–256 QAM. Refer to Table 5.2.2.1‐2 to 4 in TS 38.214 [109] for CQIs for different MCS. A UE reported CQI is used as part of an NR DL link adaption procedure, which shall be described later in Section 19.6.19. CRI – The CRI parameter indicates the preferred beam as measured and considered by the UE in case multiple beams transmission is used by the gNB. SSBRI – The SSBRI parameter indicates the preferred SS block as measured and considered by the UE in case multiple beams transmission is used by the gNB. A typical reporting of the above CSI parameters from a UE to the gNB is illustrated in Figure 19.71 for four CSI‐RSs, with two ports each, and four beams using a single panel antenna structure. As illustrated in Figure 19.71, Single Panel Antenna

N1 = 2 N2 = 2 #of CSI-RS Ports = 2 x N1 x N2 = 2 x 2 x 2 = 8 CSI Port: x CSI Port: y

gNB CSI Feedback with IE: ReportQuantity = PMI, RI, CRI, CQI UE

Figure 19.71  Illustration: Type I CSI reporting with a single‐panel antenna structure.

431

432

Mobile Communications Systems Development

the best or strongest beam as considered by the UE is shown to be the dark one, i.e. Beam #3. Thus, the UE will report the CRI along with other CSI such as the PMI and RI of the strongest beam to the gNB. Types of CSI reporting and antenna ports layout dimensions, N1 and N2, are described below. ●●

Types of CSI Reporting

Based on the usages for different types of MIMO transmissions, a CSI reporting from a UE to gNB is classified as Type I, for a SU‐MIMO transmission, and Type II, for MU‐MIMO transmission, as identified by the RRC layer IE: codebookType. Further, based on the cross‐polarized antenna panel structures being used for MIMO transmission, Type I CSI is divided into a single panel and multipanel CSI. A MIMO antenna panel contains the arrangement of physical antennas having an array of N1 rows and N2 columns. The number of antenna panels (Ng) used, along with N1 and N2, in case of multipanel MIMO transmissions is specified by the RRC layer as part of CSI codebook configuration toward a UE. For a single panel transmission, the N1 and N2 parameters are specified by the RRC layer through its IE: CodebookConfig  ‐> …n1‐n2. For multipanel transmissions, the N1, N2, and Ng parameters are specified by the RRC layer through its IE: CodebookConfig ‐> …ng‐n1‐n2. For a given number of CSI antenna ports (4, 8, 12, 16, 24, and 32 ports) and using the N1 and N2 dimensions, there can be more than one way of arranging the physical antennas on an antenna panel, both single and multiple panels. For example, from Table 5.2.2.2.1‐2 in TS 38.214 [109], the physical antennas used for a MIMO transmission can be arranged in (4,4), (8,2), or (16,1) ways on a single panel with 32 antenna ports being used for the CSI‐ RSs. Refer to Table 5.2.2.2.1‐2, for a single panel, and Table 5.2.2.2.2‐1, for multipanel, TS 38.214 [109], for the supported MIMO antenna configurations for given CSI‐RS antenna ports. In the case of the single panel MIMO transmission, the number of antenna ports used for the CSI‐RSs is equal to 2 × N1 × N2. In the case of multipanel MIMO transmission, the number of antenna ports used for the CSI‐RSs is equal to 2 × Ng × `N1 × N2. Figure 19.71 illustrates a Type I CSI reporting with four beams using a single panel antenna structure and eight CSI‐RS ports, with two ports for each CSI‐RS. Refer to Table 5.2.2.2.2‐1, TS 38.214 [109] for the possible layouts of eight CSI‐RS antenna ports with N1 = N2 = 2. ●●

Number of Rank Indication in CSI

The maximum rank indication (RI) or transmission layers that can be reported by a UE as part of a codebook‐ based CSI to the gNB depend on the type of the CSI. For the Type I single panel codebook‐based CSI reporting, a UE can report up to eight layers or rank. For the Type I multipanel codebook‐based CSI reporting, a UE can report up to four layers or rank. For the Type II codebook‐based CSI reporting for MU‐MIMO transmissions, a UE can report up to two layers or rank only, i.e. the gNB can transmit over two layers only per UE. ●●

Codebooks for CSI Reporting

A codebook contains a precoding matrix (W), containing the complex value (j), for MIMO transmission. A precoding matrix is used to map the data from single or multiple layers for transmissions through multiple antennae with appropriate weights or scaling factors such as ½ or 1/ 2. A codebook is defined for each layer of MIMO transmission and contains a precoding matrix in a predefined table. A codebook or precoding matrix index corresponds to an index into a predefined table. For example, consider the codebook defined in Table 5.2.2.2.1‐1 in TS 38.214 [109], which is used for reporting of a Type I Single panel CSI with 2 CSI‐RS ports. There are four indices (0–3) for a one‐layer codebook and two indices (0 and 1) for a two‐layer codebook. But as the number of layers and the CSI‐RS ports increases, the size of a codebook also increases, which would increase the payload size for UL control information. To avoid this, a UE reports certain indices, as part of a Type I and Type II CSI reporting, based on which the gNB computes the desired codebook or PMI to be used for DL MIMO transmission. For such different indices reported by a UE to gNB for deriving a Type I or Type II codebook, refer to TS 38.214 [109]. For example, in the case of Type II CSI reporting, a UE reports indices for sub‐band amplitude value set mapping, oversampling factors (O1, O2), combinatorial coefficient, number of beams configured (L), and so on. Refer to TS

5G NR Air Interface: User Plane Protocols

38.214 [109] for more information on the entire CSI reporting framework used by the NR and TS 38.331 [116] for CSI‐related configurations performed by the RRC layer. For more supplementary information, the reader may refer to the 3GPP TDocs [142–150] listed in the references section.

19.6.18  Modulation and Coding Schemes (MCSs) As with other communications systems, modulation is another fundamental function performed by the NR physical layer as part of the physical layer channel processing chain, in both the DL and UL directions, described in Section 19.6.10. A modulation process converts the encoded information into complex‐valued symbols for further mapping into the REs of a PRB for transmission over an antenna port. Each subcarrier of a PRB can be modulated using different modulation schemes such as the QPSK, 16 QAM, 64 QAM, and 256 QAM to transmit a different number of bits, which is the modulation order, of a particular modulation scheme. For example, on an SC, 8 bits of information can be transmitted over an OFDM symbol using the 256 QAM. Similarly, 7 bits of information can be transmitted over an OFDM symbol using the 64 QAM. Thus, as the modulation order increases, the data throughput as well as the spectral efficiencies also increases accordingly over a particular carrier frequency. Table 19.14 lists the different MCSs used over the NR air interface for different types of physical channels in the UL and DL directions. From Table 19.14, it appears that the control channels (PDCCH, PBCH, and PUCCH) have fixed MCS at a lower rate, whereas the physical channels, i.e. PUSCH and PDSCH, carrying user traffic are allocated MCS with varying data rates based on radio conditions. Generally signaling information is sent using the lower coding scheme that includes more redundant error recovery information. For example, the QPSK modulation scheme is used to transmit information over the PBCH; the 16 QAM or 64 QAM or 256 QAM modulation scheme may be used to transmit information over the PDSCH from the NG‐RAN/gNB to a UE depending on prevailing radio conditions. ●●

UE Determination of Transport Block Size

The higher the coding scheme, or modulation order, the greater the throughput of data services to a UE and its subscriber as less error recovery but more user traffic/information is transmitted per unit of scheduling. Similar to the LTE system, in the NR system also, information sent by a UE is scheduled in a given TTI. In the LTE system, the TTI is fixed i.e. 1ms. However, in the NR system, TTI varies from 1ms to a fraction of it depending on the subcarrier spacing being used. Over a TTI, up to two transport blocks may be transmitted. But the amount of information to be carried in a transport block is determined from the corresponding MCS index and order which is assigned to a UE through the DCI from the NG‐RAN/gNB. The NR physical layer defines 31 such MCS indexes/ orders along with their code rates. Refer to Tables 5.1.3.1‐1/3 and 6.1.4.1‐1/2 in TS 38.214 [109] for the list of MCS indexes defined for the NR DL and UL shared channel. From a given MCS index and the number of RBs allocated to a UE, the corresponding transport block size can be derived in association with Table 5.1.3.2‐1 in TS 38.214 [109]. Table 19.14  NR physical channel types and their MCSs. Channels/Signals

MCSs

Multiplexing

PUSCH

QPSK, 16/64 QAM

Spatial Multiplexing

PUCCH

π/2‐BPSK, QPSK

–

PDSCH

QPSK, 16/64/256 QAM

Spatial Multiplexing

PBCH, PDCCH

QPSK

–

Reference Signal

No

No

PSS, SSS

No

No

433

434

Mobile Communications Systems Development

19.6.19  Link Adaptation Procedure One of the most troublesome areas of a mobile communications network is the air interface between MS/UE and its radio access network (RAN). Air interface issues arise from poor radio conditions, which are dynamic in nature because of various environmental reasons. This would result in erroneous data at the receiving end and further lead to poor throughput as experienced by mobile users because of retransmission requirements of information between MS/UE and the RAN. The RRM procedure at the RAN end should be able to adapt dynamically to the changing radio conditions by adjusting the current transmission parameters being applied to the existing radio resources which were allocated to a UE. Similar to the previous generation mobile communication systems, the procedure to adapt to the prevailing radio conditions by adjusting the current transmission parameters, between a UE and NG‐RAN and vice versa, over the air interface is called Link Adaptation (LA) procedure. An LA is performed in DL as well as the UL directions of data transmission between UE and RAN and vice versa. An LA procedure works closely with the scheduling procedure of an NG‐RAN. An LA for the ongoing user/UE data session is performed in terms of the modifications of the existing transmission parameters of an MCS that was allocated by the NG‐RAN to a UE. Note that an LA is performed on the channels carrying user traffic only whose MCS can be modified to adapt to the changing radio conditions. However, no LA is performed on the channels carrying signaling information as they are allocated lower order MCS, Table 19.14, which remains fixed with sufficient error correction information so that signaling information is delivered reliably. As a result of the LA procedure, a new MCS with a higher or lower modulation order may be allocated to UE. The modulation order is the number of bits transmitted per modulated symbol or resource element of a PRB. The NG‐RAN informs the allocation of a new MCS to a UE as a DCI over the physical layer signaling PDCCH. Each MCS is associated with a transport block size at the MAC layer. Higher the MCS index, the higher the coding rate, transport block size, which would result in a higher throughput over a transmission time interval (TTI). MCS index and its transport block size determination have been described in Section 19.6.18. ●●

Downlink LA

DL LA procedure at the NG‐RAN/gNB works based on the DL channel quality information (CQI) as measured and reported by an MS/UE over the UL PUCCH or PUSCH as part of a CSI to the gNB. A UE measures the quality of the DL RS and reports the CQI index to gNB, indicating the MCS whose transport BLER does not exceed a certain threshold. The gNB may use the UE reported CQI/MCS in the next DL transmission. NG‐RAN CQI indexes along with their modulation schemes, and coding rate are defined in Tables 5.2.2.1‐2, 5.2.2.1‐3, and 5.2.2.1‐4 in TS 38.214 [109]. The code rate shown in these tables represents the number of user data or information bits transmitted per 1024 bits. The code rate increases as the modulation scheme increases. This means that the higher the modulation scheme, the lesser the redundancy information (leaving more room for user data) added to the user data by the physical layer during the channel coding process. The efficiency of a particular modulation scheme can be obtained by multiplying the code rate by the modulation order. The relationship between CQIs and their throughputs is illustrated in Figure 19.72 from QPSK to 64 QAM. The coding rate decreases whenever there is a change in the modulation order from QPSK to 16 QAM and 16 QAM to 64 QAM. Following this, the coding rate increases again as the MCS increases; see Figure 19.72. The coding rate is defined as the ratio of the (MAC layer transport block size + Length of CRC) to the number of RE available for user data transmissions. ●●

UL LA

UL LA procedure at the NG‐RAN/gNB works based on the UL SRS sent by a UE to the gNB. Using the SRS measurements, channel quality over a section of bandwidth is measured over the prevailing various environmental conditions, and an appropriate MCS is selected for transmission in the UL direction. UL SRS was described earlier in Section 19.6.12.2.

5G NR Air Interface: User Plane Protocols Higher MCS, Improved RF state 64QAM

NR CQI

Transport Block Size

16QAM QPSK

User Data Throughputs

Figure 19.72  Illustration: NR CQI (MCS) vs. data throughput.

19.6.20  Random Access (RACH) Procedure As mentioned earlier in Section 19.5.3, UE MAC and physical layer perform their tasks associated with an NR random access procedure. Also, the UE MAC layer controls the random access procedure‐related tasks performed by its physical layer. Various aspects of the random access procedure concerning the UE physical layer are described below. ●●

Purpose of a RACH Procedure and its Resources

Following the successful selection of a physical layer cell as described in Section 19.6.13, a UE is further required to register itself with the core network to provide communication services to its user. To register with the core network, a UE performs the random access procedure toward the NG‐RAN which is similar to the LTE system. Before the RACH procedure, a UE acquires the contents of the System Information Block Type 1 (SIB1) which is sent by the NG‐RAN, in the DL direction. SIB1 contains the RACH procedure‐related information (RRC layer: SIB 1 ‐> ServingCellConfigCommonSIB) for UEs of the selected cell using which a UE requests the NG‐RAN to allocate UL resources to it. ●●

Difference Between an NR and LTE Random Access Procedure

As described earlier in Section 19.5.3, the overall message (Msg1–Msg4) flow of a random access procedure is the same in both LTE and NR systems. However, as far as the mmWave transmissions/receptions are concerned, there is a difference between an NR and LTE random access procedure. In the case of mmWave transmissions/ receptions in the NR system, a UE requires to detect and select the best beam, as described earlier in Section 19.6.14. An NR UE initiates a random access procedure over the selected beam. However, no such mmWave transmission/reception and function for detection and selection of a beam exists in the case of the LTE system. Another difference is the possibility of usages of multiple RACH occasions, unlike one RACH occasion in the LTE system, in the NR system within a particular subframe which will be described in the subsequent section. ●●

RACH Preamble

Similar to the LTE system, an NR UE RACH procedure begins by transmitting a preamble in the UL direction toward the NG‐RAN. A preamble is generated from cyclic shifts of root Zadoff–Chu sequence which is also used to generate a preamble sequence in the LTE system. The length of a preamble sequence can be 839 or 139, which is also the preamble sequence length used in the LTE system. There are 64 preambles (0…63) defined for an NR cell. All of the 64 preambles may not be available for use during a contention‐based as well as contention‐free random access procedure by UE. Some of the preambles may be used for other purposes also. The total number of preambles available for contention‐based and contention‐free random access procedure is configured by the RRC layer through IE RACH‐ConfigCommon ‐> totalNumberOfRA‐Preambles,

435

436

Mobile Communications Systems Development

are further grouped into two groups – Group A and Group B – similarly as in the case of the LTE system. Further, the total number of RACH preambles available under Group A is configured by the RRC layer IE: RACH‐ ConfigCommon ‐> numberOfRA‐PreamblesGroupA. Thus, the total number of RACH preambles available under Group B will be totalNumberOfRA‐Preambles – numberOfRA‐PreamblesGroupA. All these parameters are used by the MAC layer as part of its random access procedure at UE end. A preamble is transmitted over the PRACH using the antenna port 4000. Depending on the SCS used, a PRACH preamble can have two formats: long preamble (sequence length  =  839) and short preamble (sequence length = 139), as described in Tables 6.3.3.1‐1 and 6.3.3.1‐2 in TS 38.211 [106]. Preamble format with sequence length 839 and FR1 SCS 1.25 and 5 kHz has four formats. Preamble format with sequence length 139 and FR1 SCS 15 and 30 kHz and FR2 SCS 60 and 120 kHz has nine formats. Further, preamble formats can be of restricted as well as unrestricted types. Preamble formats 0–3 with sequence length = 839 are in restricted types – Type A and Type B, and preamble formats A1‐A3, B1‐B4, C0, and C2, with sequence length = 130, are unrestricted type as listed in Tables 6.3.3.1‐1 and 6.3.3.1‐2 in TS 38.211 [106]. The type of preamble to be used in a cell is specified by the RRC layer through the IE: RACH‐ConfigCommon → restrictedSetConfig. ●●

Preamble Sequence and CP Length

Similar to the LTE preamble, the NR preamble also consists of a CP and the Zadoff–Chu sequence. The length of the CP and the preamble sequence for each preamble format vary across the SCSs as well as different preamble formats. Further, in a particular preamble format, the preamble sequence is repeated, as described in tables 6.3.3.1‐1 and 6.3.3.1‐2 in TS 38.211 [106]. Figure 19.73 illustrates the structure of preamble formats, in the case of long sequence (839), with CP (Ncp) and repetition of a preamble sequence (Nu) for SCS 1.5 and 5 kHz. For the actual duration of the CP and preamble sequence, refer to Table 6.3.3.1‐1 in TS 38.211 [106]. Example 19.12 illustrates the calculation of the duration of the cyclic prefix and the preamble sequence of a particular preamble format. ●●

Time‐Domain Resource for PRACH

Similar to the mapping of other physical channels into time and frequency resources, PRACH used for random access procedure is also mapped to the NR resource grid in the time domain. Time‐domain resource information such as the preamble format, subframe, timeslots, start symbol, the number of PRACH symbols within a slot, and so on is provided through RRC layer IE: RACH‐ConfigGeneric ‐> prach‐ConfigurationIndex(0…255). A PRACH configuration index points to a particular row of Tables 6.3.3.2‐2, 6.3.3.2‐3, and 6.3.3.2‐4 in TS 38.211 [106] giving the time‐domain resources for a RACH procedure under FR1, FR2 as well paired (FDD)and unpaired (TDD) spectrum. CP 3168k CP 21024k CP 4688k CP 3168k

Sequence

PRACH Preamble Format 0

24576k Sequence 24576k Sequence 24576k Sequence 6144k

Sequence

PRACH Preamble Format 1

24576k Sequence

Sequence

24576k

24576k

Sequence

Sequence

6144k

6144k

Sequence

Format 2

24576k Sequence

Format 3

6144k

Figure 19.73  Illustration: NR RACH: CP and preamble sequences lengths for SCS: 15 and 5 kHz.

5G NR Air Interface: User Plane Protocols

Example 19.12  Consider the Calculation of the Duration of CP and Preamble Sequence for the Preamble Format 3 with SCS 5 kHz. Time Unit = Tc = 1/(480000* 4096) seconds (TS 38.211 [106], Section 4.1) From Table 6.3.3.1‐1 in TS 38.211 [106]: Duration of Cyclic Prefix  =  3168 k  =  3168 * 64 Samples  =  3168*64*Tc Seconds  =  (3168 *64)/ (480 000*4096) = 0.103125 millisecond Duration of Preamble Sequence  =  4 * 6144 *k  =  4*6144*64 samples =4*6144*64*Tc Seconds  =  0.8 millisecond.

●●

Frequency Domain Resource for PRACH

Frequency domain resources for the RACH procedure are provided to UE over the RR layer IEs: RACH‐ConfigGeneric  ‐> msg1‐FDM and msg1‐FrequencyStart. IE msg1‐FDM provides the number of PRACH occasions which is frequency division multiplexed (FDMed) in a one‐time instance. IE msg1‐FrequencyStart provides the offset of lowest PRACH transmission occasion, within the active UL BWP, in the frequency domain concerning PRB 0. ●●

RACH Occasion

Another difference between LTE and NR system RACH procedure is the usages of multiple RACH occasions in the NR system. A RACH occasion indicates the frequency and time‐domain resources or location during which a UE transmits a RACH preamble to the NG‐RAN. In the LTE system, there is only RACH occasion, occupying 6 RBs in the frequency domain and 1 subframe in the time domain. On the other hand, in the NR system, multiple RACH occasions are possible in the frequency domain as well as in the time domain. This can be observed by comparing Tables 6.3.3.2‐2–6.3.3.2‐4 in TS 38.321 [113] and Tables 5.7.1‐2 and 5.7.1‐3 in TS 36.321 [93]. –– Number of RACH occasions in the frequency domain in a one‐time instance The maximum number of RACH occasions, in a one‐time instance only, in the frequency domain in the NR system is 8, which is specified by the RRC layer using the RACH‐ConfigGeneric  ‐>  msg1‐FDM. Refer to TS 38.331 [116]. –– Number of RACH occasions in different time instances in the time domain The RRC layer provides the RACH resources to be used by the UEs through the IE: prach‐ConfigurationIndex, which is an index into a row of Tables 6.3.3.2‐2–6.3.3.2‐4 in TS 38.321 [113] for FR1 as well as FR2 and paired (FDD) as well as unpaired (TDD) spectrum. From these tables, a prach‐ConfigurationIndex provides the following RACH‐related resources information to a UE: a) Preamble format, for short (A1…A3, B1…B4, C0, C2) and long format (0–3); b) Odd or even frame, which is derived based on the system frame number; c) Subframe number in case of FR1 with 15 kHz SCS and timeslot within a subframe in case of FR2 with 60 kHz SCS (which may contain a varying number of timeslots, based on an SCS or numerology; refer Figure 19.22; d) Starting symbol within a slot; e) Number of PRACH slots within a subframe; f) Number of time‐domain PRACH occasions within a PRACH slot; and g) PRACH duration. In the time domain, the number of RACH occasions within a slot ((e) above) is specified under the column number of time‐domain PRACH occasions within a PRACH slot ((f) above). A slot may contain one RACH occasion.

437

438

Mobile Communications Systems Development

As seen from Table 6.3.3.2‐4 in TS 38.211 [106], the maximum number of PRACH occasions within a slot is 7. Multiplication of (e) and (f) shall provide the total number of RACH occasions in the time domain. Example 19.13 illustrates the calculation of the actual starting location of the OFDM symbol for transmission of a RACH preamble for a given preamble format and RACH occasion. –– Number of SSB per RACH occasion As described earlier in Section 19.6.14 and illustrated in Figure 19.65, an SSB is associated with a particular beam, and a UE requires selecting the best beam as part of its beam selection procedure. A UE transmits the RACH preamble to the NG‐RAN over the selected beam within a particular RACH occasion. Thus, the NG‐RAN learns about the beam being selected by the UE based on the RACH occasion used to transmit the preamble with the associated RA‐RNTI. For this purpose, the NG‐RAN RRC layer configures the number of SSB per RACH occasion and preambles per SSB to the UE through the RRC layer IE: RACH‐ConfigCommon  –> ssb‐perRACH‐OccasionAndCB‐ PreamblesPerSSB, which can start from OneEight(1/8) SSBs to sixteen (16) SSBs per RACH occasion. Example 19.14 describes and illustrates the association of SS blocks and distribution of the entire 64 RACH preambles of NR to different RACH occasions. Example 19.13  Calculation of OFDM Symbol Locations for RACH Preamble Occasions Within a PRACH Subframe and its Timeslots Let us calculate the OFDM symbol position (tstart l) for each PRACH occasion within a subframe and its timeslot(s) where a RACH preamble is being transmitted using FR2 in FDD for a given prach‐ConfigurationIndex = 41, Table 6.3.3.2‐4 in TS 38.211 [106]. The OFDM symbol positions (tstart l) can be calculated using the formula described in Section 5.3.2 in TS 38.211 [106]. From Table 6.3.3.2‐4 in TS 38.211 [106] and for prach‐ConfigurationIndex = 41 a)  Preamble format = A2 b)  Frame: Even (as y = 0) c)  TSLs = 19, 39 d)  Starting symbol within a slot(l0) = 5 RA =1 e)  Number of PRACH slot within a subframe nslot f)  Number of time‐domain PRACH occasions within a PRACH slot ntRA=2, i.e. Two (0,1) RACH occasions in a slot RA  =  4 g)  PRACH format A2 duration Ndur From Section 5.3.2 in TS 38.211 [106], the actual starting OFDM symbol position for each RACH occasion (total two RACH occasions as per (f) above) with the slot, as per (e) above, is given by the following formula.

l

l0

RA RA ntRA Ndur 14 nslot

“© 2019. 3GPPTM TSs and TRs are the property of ARIB, ATIS, CCSA, ETSI, TSDSI, TTA and TTC who jointly own the copyright in them. They are subject to further modifications and are therefore provided to you “as is” for information purposes only. Further use is strictly prohibited”. Using the above equation, Actual starting OFDM symbol location for transmitting preamble with format A2 for PRACH occasion #1: l = 5 + (0 × 4) + 14 × 1 = 19; Actual starting OFDM symbol location for transmitting preamble with format A2 for PRACH Occasion #2: l = 5 + (1 × 4) + 14 × 1 = 23. The above RACH occasions are illustrated in Figure 19.74.

5G NR Air Interface: User Plane Protocols

Figure 19.74  Illustration: NR RACH occasions for FR2 and FDD modes.

Frequency

RACH Occasions

TSL # 19 TSL # 20

0 1 2 3 4 5 6 7 8 9 10 1112 13 14 15 16 17 1819 20 2122 23 24 25 2627 0

14 OFDM Symbols

13 0

5 14 OFDM Symbols

13 Time

Frequency TSL # 39

RACH Occasions

TSL # 40

0 1 2 3 4 5 6 7 8 9 101112 1314 15161718 1920 2122 2324 2526 27 13 0

0 14 OFDM Symbols

5

13

14 OFDM Symbols Time

Depending on the actual OFDM symbol location of a PRACH occasion as calculated above, a preamble may be transmitted in the next immediate TSL, e.g. TSL 20 and TSL 40 above, following the slot provided under the prach‐ConfigurationIndex ((c) above). From the tables mentioned above, different possibilities of RACH occasions in the NR system can be represented graphically as illustrated above under FR1 and FR2 with paired and unpaired spectrum used in different cells.

●●

Processing RAR

After transmitting a RACH preamble, a UE is expected to receive a RACH response from the NG‐RAN within the RACH response window (ra‐ResponseWindow) time. For this purpose, the UE physical layer monitors the PDCCH from the NG‐RAN for a DL control information (DCI 1_0) whose CRC is scrambled with the corresponding RA‐ RNTI which was transmitted by UE along with preamble. If the UE physical layer receives a transport block, correctly sent over PDSCH, it will pass the same to the MAC layer for its further processing. On the other hand, if the UE physical layer does not receive a RAR within the RACH response window time, the UE physical layer will retransmit the PRACH to the NG‐RAN. Thus, a separate acknowledgment, i.e. HARQ‐ACK from UE to NG‐RAN, is not required for a successfully processed RAR decoded from the PDSCH transmitted by the NG‐RAN. A PRACH may be also retransmitted if the transport block provided over the PDSCH as part of RAR is not correct. For more information on the task performed by the physical layer as part of the processing of a RAR, refer to TS 38.213 [108]. ●●

Acknowledging on Successful Decoding of CRI

On successfully decoding its own CRI from the DL PDSCH as described earlier in Section 19.5.3 and Figure 19.10, the physical layer of a UE responds with a UL control information, i.e. HARQ‐ACK over PUCCH to the NG‐RAN, as part of a successful contention‐based random access procedure. For more information on the task performed by the physical layer as part of a CRI, refer to TS 38.213 [108].

19.6.21  NR Radio Resources Management (RRM) Procedure One of the important functions performed by the base station of a mobile communication network, in general, in uplink and downlink directions is the Radio Resources Allocations and Managements (RRM) procedure. An RRM

439

440

Mobile Communications Systems Development

Example 19.14  Association of NR SS blocks to different RACH occasions. Consider the case of 4 RACH occasions #0–3 in the frequency domain, i.e. RACH‐ConfigGeneric ‐> msg1‐FDM = 4 and SSB per RACH occasion as well as preambles per SSB as 4, i.e. RACH‐ConfigCommon–>ssb‐perRACH‐ OccasionAndCB‐PreamblesPerSSB  =  4. The associations of SSBs to different RACH occasions in frequency (msg1‐FDM) and time domain for the entire 64 preambles available in the NR system can be represented as illustrated in Figure 19.75 by following the rules mentioned in Section 8.1 in TS 38.213 [108]. Frequency

……………….

SSB #12 To SSB #15 RACH Occasion #3

……………….

SSB #8 To SSB #11

#of SSB per RACH occasion = 4 #of Preambles per SSB = 4 Preamble Index = 48 to 63 #of SSB per RACH occasion = 4 #of Preambles per SSB = 4 Preamble Index = 32 to 47

RACH Occasion #2 ……………….

SSB #4 To SSB #7 RACH Occasion #1

……………….

SSB #0 To SSB #3

#of SSB per RACH occasion = 4 #of Preambles per SSB = 4 Preamble Index = 16 to 31 #of SSB per RACH occasion = 4 #of Preambles per SSB = 4 Preamble Index = 0 to 15

RACH Occasion #0 PRACH Slot: X–1

PRACH Slot: X

Time

Figure 19.75  Illustration: NR RACH occasions in frequency domain.

procedure deals with the allocation, re‐allocation, and release management of the precious and shared radio resources or spectrum among the users/UE of a mobile communication network in uplink and downlink directions. An RRM procedure is an implementation‐dependent and system‐specific (i.e. GSM, GPRS, UMTS, E‐UTRA, and NG‐RAN) procedure that is performed by a base station of a mobile communication network in association with an MS/UE in its idle, inactive (5GS only), and connected state. An RRM procedure is required to be an efficient one for optimum utilization of the system as well as the radio spectrum resources of an operator. This is especially important for the 5G NR system, considering its different network slices using which different types of communication services under its different use cases are provided to users. Thus, an RRM procedure plays a critical role as it may directly impact the performance of its base station as well as the quality of services to users. The previous generation of mobile communication systems and networks were a kind of one‐size‐fits‐all network, providing primarily voice and data services, requiring a simpler RRM procedure. However, the 5G system provides different types of services, through different network slices, with specific QoS characteristics and requirements under a particular use case – i.e. eMBB, or URLLC, or mIoT, etc. Further, each use case of the 5G system serves different industry verticals and deployment scenarios (indoor, private network, etc) with different types of traffics generated by heterogeneous devices. The entire RRM procedure of the 5G system, which consists of several collective sub‐tasks or areas that are responsible for different areas/aspects of an RRM procedure, is illustrated in Figure 19.76. Considering the different use cases, industry verticals, and deployment scenarios along with the usages of multiple subcarrier spacings architecture and mmWave transmissions and receptions over NR, the network slice–aware RRM procedure for

5G NR Air Interface: User Plane Protocols

[eMBB]

Measurements Section# 19.6.16

UE States and Mobility Section# 18.5.5

Industry Verticals [mIoT]

Multiple Antenna Transmissions Section# 19.6.10.3

Industry Verticals

UE Scheduling Section# 19.5.2

5G Radio Resource Management Rel. 15 (Foundation)

Admission Control Section# 18.5.6

Resources Configurations Section# 19.6.21

Link Adaptation Section# 19.6.19

Beam Management Section# 19.6.14

Industry Verticals [URLLC]

Figure 19.76  Illustration: 5G NR RRM procedure and its sub‐tasks for different use cases.

the 5G NR system is much more complex than the previous generation’s mobile communication system RRM procedure. Except for the 5G system–specific RRM procedure and its sub‐tasks or areas as illustrated in Figure 19.76, the remaining RRM procedure and its sub‐tasks or areas are found, in general, across the different systems, i.e. GSM/GPRS, UMTS, LTE, etc. However, the typical RRM sub‐tasks or areas shown in Figure 19.76 are system implementation–specific across the GSM to the 5G system. The NR beam management, as described earlier in Section 19.6.14, is new to the 5G system and its RRM procedure. Different tasks associated with an NR RRM procedure, except the resources configuration shown in Figure 19.76, have been already described earlier under different sections with respect to the 5G system. The corresponding section of an RRM sub‐task is also indicated in Figure 19.76, against each sub‐task. From these descriptions, it is clear that the entire RRM procedure spans across several layers of the NR, i.e. RRC, MAC, and physical layer, and their technical specifications. The typical resources configurations task (see Figure 19.76) associated with an NR RRM procedure used in a 5G system is described in the following text. ●●

Radio Resources Configurations and Allocations

The radio resources for different cell sites are planned and configured by the network planning and optimization (RNPO) group of a network operator. Using these radio resources, the RRM procedure of a base station grants admissions and allocates resources to UEs dynamically. Further, radio resource modifications, i.e upgrade or downgrade, are also performed dynamically by the RNPO group. Apart from the RRC, MAC, and physical layer and their processes, the entire RRM procedure may consist of several other processes, each one handling a particular area, such as an uplink scheduler, downlink scheduler, Link Adaptation, intra‐RAT or inter‐RAT RF measurements, etc., of the RRM procedure. Figure 19.77 illustrates a central O&M RRM process at the NG‐RAN end, which configures the network slice–specific or slice/service type (SST) radio resources, in terms of BWP, to the other NR RRM processes at the gNB end. A BWP can be an initial, default, or an additional/dedicated type, as described earlier in Section 19.6.7.

441

442

Mobile Communications Systems Development RRM Process ‘B’

NG-RAN O&M RRM Process ‘A’

BWP_Add_Request (BWP-ID, SST, cell id…) BWP_Add_Ack (BWP-ID) ……………………………. BWP_Upgrade_Request (BWP-ID, SST, cell id,..) BWP_Upgrade_Ack (BWP-ID)

...

UE

RRCReconfiguration RRCReconfiguration Complete RRCReconfiguration RRCReconfiguration Complete

……………………………. BWP_Downgrade_Request (BWP-ID, SST, cell id) BWP_Downgrade_Ack (BWP-ID) …………………………….

RRCReconfiguration RRCReconfiguration Complete

BWP_Release_Request (DIR, BWP-ID, SST, cell id RRCReconfiguration BWP_Release_Ack (BWP-ID)

RRCReconfiguration Complete

Figure 19.77  Illustration: Configuration of RRM Messages Flow in NG‐RAN/gNB

Figure 19.77 also illustrates the conceptual (as well as implementation‐dependent message) flow between two NR RRM processes for allocation and modifications (upgrade/downgrade) of an additional BWP to a UE as part of the RRM procedure. Releasing of a BWP is also illustrated in Figure 19.77. The receiving RRM process at the gNB end will pass‐on slice‐specific radio resources information to other RRM processes, say the RRC layer, of the gNB. The RRC layer, using its signaling messages, configures and provides radio resources information to a UE or UEs, through system information, in a cell. Such a signaling message includes common, i.e. cell‐specific initial BWP, or dedicated, i.e. UE specific additional BWP, radio resources information as part of the NR RRM procedure. The RRC layer signaling message and its IE: downlinkBWP‐ ToAddModList or uplinkBWP‐ToAddModList are used to allocate an additional BWP to a UE in the downlink or uplink direction. An existing BWP may be also modified – i.e. increase or decrease the bandwidth of the bandwidth part using the same RRC layer signaling message. On the other hand, a BWP may be released using the RRC signaling message and its IE: downlinkBWP‐ToReleaseList or uplinkBWP‐ToReleaseList, and may be re‐assigned to other traffic purposes. To ensure resources (i.e. BWP), isolations, and protections among the different traffic classes, a corresponding network slice/service type (SST) information (e.g. eMBB, URLLC, mIOT) may be added as part of a BWP information. –– UE‐specific RRM procedure The NR RRM procedure may also apply UE‐specific configuration information while allocating radio resources to it. One such configuration information is the Index to RAT/Frequency Selection Priority, called an RFSP index (refer to TS 23.501[40]). An RFSP index is provided by the AMF to NG‐RAN, which is used to prioritize the allocation of resources by the NR RRM procedure. The RFSP index is used while UE is in an idle state (to help in cell reselection), or connected state (to help in a handover to different RAT).

5G NR Air Interface: User Plane Protocols

Figure 19.78  Illustration: RRM Allocation of Four BWPs to a UE for eMBB Use Case

UE BWP1 (SST: 1)

PRB0

...

…….

PRBn

BWP4 (SST: 1)

PRB0

0

...

PRBn 0

SCS

RRC IE: locationAndBandwidth

12 Sub Carriers

–– Radio Resources Allocation to UE As mentioned earlier, the NR RRM procedure deals with the allocation, re‐allocation, and release management procedures of radio resources dynamically at the cell as well as UE level, which may spread across the RRC, MAC, and Physical layer. Figure 19.78 illustrates the allocation of four BWPs to a UE for the eMBB use case purpose only (Slice/Service Type: SST=1). Radio resource isolation in NR is important to ensure that the services of one use case and its network slice do not impact the services of another user case and its network slice. Thus, the 5G NR RRM procedure must be a network slice–aware procedure. The bandwidth or the number of PRBs in a BWP and its subcarrier spacing to be used is provided through the RRC Layer IE: locationAndBandwidth from the gNB to a UE or UEs in a cell. ●●

Evolutions of the 5G RRM procedure

The NR RRM procedure and its sub‐tasks described earlier are the foundations for the 5G system as far as its Release 15 is concerned. The 5G system is further evolving into subsequent 3GPP releases, i.e. Release 16, Release 17, and beyond, with enhancements of existing features as well as introductions of new features, as described in Chapter 22, on top of Release 15. In parallel to this evolution, the NR RRM procedure and its associated sub‐tasks illustrated in the preceding text will also evolve accordingly, creating new requirements on top of the NR Release 15 RRM procedure to support new industry verticals, deployment scenarios, etc. The NR RRM of Release 15 shall act as the foundation RRM procedure for the subsequent 3GPP releases of the 5G system. Due to this, the NR Release 15 RRM procedure should be flexible/re‐usable enough to customize and incorporate release‐specific enhancements or new features, as described in Chapter 22, being introduced in the subsequent releases of the 5G system. The evolution of the NR RRM procedure for subsequent releases of the 5G system is illustrated in Figure 19.79.

Release17 and Release15 (Foundation) RRM

Release16

beyond….

Evolution of NR Radio Resources Management Procedure

Figure 19.79  Illustration: Evolution of the 5G NR RRM Procedure

443

444

Mobile Communications Systems Development

19.6.22  UE Transmit Power Control One of the important functions performed by the base station in a mobile communications system is the UE transmit power control (TPC) procedure that is required to maintain a proper radio link between an MS/UE and a base station. Mobile devices at a distance location require to transmit with a higher power in the UL than those closer to the base station. It is the responsibility of the base station power control procedure to ensure that all the mobile devices, especially those closer to the base station, do not transmit with the same power which would otherwise affect telecommunication services in the serving as well as interfere with the neighbor cells. The goal of a power control procedure is to minimize the transmitting, TX, the power required by the MS/UE or the base station while, at the same time, maintaining a good radio link between an MS/UE and base station/RAN element so that the information exchanged between them can be decoded successfully. Apart from this, a proper power control procedure between a UE/MS and the RAN is applied to reduce the impacts of the following in the serving network: –– Interference to other mobile users and neighboring cells; –– Spectrum inefficiencies; –– Triggering of unnecessary handover operation from one cell to another; and –– The battery power consumption of a UE. UE TPC procedure is applied across the different mobile communication systems. However, the procedure differs from GSM to the NR system. For example, though UE transmits power control procedure is similar in the LTE and NR systems, there is a fundamental difference between them. Refer and observe the formula used for the calculation of transmit power by a UE in LTE and NR systems in TS 36.213 [91] and TS 38.213 [108]. This is due to the beamforming transmission method being used in the case of the NR system. In the NR system also, a UE estimates a DL path loss as part of its transmission power adjustment. However, such a path loss calculation uses the beam‐based RS also which can be based on either SS/PBCH block or CSI‐RS. A set of RSs (RRC IE: PUSCH‐ PathlossReferenceRS/PUCCH‐PathlossReferenceRS) to be used by a UE in path loss calculation is provided by the NG‐RAN as part of its power control configurations/parameters to a UE. UE TPC parameters, RRC IE: PUSCH/ PUCCH‐PowerControl, are intimated along with the UL radio resources allocation messages sent to an MS/UE from the NG‐RAN. An exclusive command for power control procedure may be also sent from the base station/ RAN element to an MS/UE. 19.6.22.1  Types of Power Control Procedure in NR

In the NR system, UE TPC is applied for transmission over the physical channels  –  PUSCH PUCCH and PRACH – as well its physical signal – SRS. Based on the availability of feedback information from the NG‐RAN to a UE, two types of UE TPC procedures are applied in an NR network. ●●

Open Loop Power control

As the name implies, this procedure has no feedback information from an NG‐RAN to a UE. It is used during the initial network access through the random access procedure made by an MS/UE with initial allowed power. Similar to the LTE system, in 5G also, a UE sends the initial RACH preamble to make a random access request with the initial power specified by the preambleReceivedTargetPower parameter. A UE may retransmit the RACH preamble with ramped‐up power, as specified by the parameter powerRampingStep. These parameters are communicated by the NG‐RAN, i.e. RRC layer, as part of its system information to the UEs in a serving cell. Similarly, UE also adjusts its SRS transmission power in the UL direction. ●●

Closed‐Loop Power control

In a closed‐loop UE power control method, the NG‐RAN/gNB communicates and controls the transmit power of a UE or group of UEs in the UL direction through a 2‐bit long TPC command that is included as part of a DL control

5G NR Air Interface: User Plane Protocols

information to a UE; refer to TS 38.212 [107]. A UE adjusts its transmission power to be used for the PUSCH or PUCCH, over the active BWP, as per the feedback received in a TPC command from the NG‐RAN/gNB. Refer to Tables 7.1.1‐1 (PUSCH) and Table 7.2.1‐1 (PUCCH) in TS 38.213 [108] for more information on the mapping of TPC command to power adjustment to be applied by a UE for its PUSCH and PUCCH transmissions. 19.6.22.2  UE Transmit Power Determination Procedure in NR

In a serving cell and for a particular transmission occasion over the physical channels – PUSCH, PUCCH, and PRACH – and physical signal – SRS, a UE uses the minimum of the following power value as its transmit power: –– Maximum transmit power configured and allowed by the NG‐RAN for a carrier frequency: f in a serving cell: c, in association with TS 38.101 [102] and –– Transmit power calculation and adjustments. The following parameters are taken into account, in general, to calculate the UE transmit power calculation with adjustments. For the formulae and their actual parameters to be used for the determination of a UE transmit power over the PUSCH, PUCCH, RACH, and SRS in its serving cell, refer to Section 7 in TS 38.213 [108]. 1) Target power to be received by NG‐RAN/gNB, which is derived from several power calculation components as configured through RRC layer signaling IE: PUSCH/PUCCH‐PowerControl; 2) The amount of UL resource allocation in terms of RBs; 3) DL path loss calculation, taking into account beam‐based RS, i.e. SS/PBCH block or CSI‐RS, and its index represented by qd in the power calculation formula; 4) Transport format, i.e. MCS to be used; 5) Power adjustment, taking into account the active UL BWP, its carrier frequency, and the TPC command received through a DL control information from the NG‐RAN. If the calculated transmit power is smaller than the maximum transmits power configured by the NG‐RAN, then a UE will use the calculated transmit power for UL transmission; otherwise, the UE will use the maximum transmit power configured by the NG‐RAN. From the comparisons of a UE TPC procedure and their formulae used in LTE and NR systems, it can be observed that in the case of the LTE system, the UE power control procedure is applied over a subframe only in a serving cell. On the other hand, in the NR system, the UE power control procedure is applied in smaller granularity, i.e. at a UL BWP level with different SCSs (μ). Further, in the case of NR, a UE transmit power calculation also depends on the type of the UE UL scheduling (indicated by j in the formulae), which can be a dynamic grant or CS grant (ConfiguredGrantConfig), being used for granting UL resources to the UE.

19.6.23  Effect of Physical Layer on Data Throughputs The throughput of user data transmitted over the NR air interface may depend on the several typical factors of the physical layer, as highlighted below: –– Amount of radio resources allocated to the physical DL and UL shared channels; –– MCS assigned to a UE to modulate a resource element of an RB; –– Amount of redundant information added by the physical layer for error recovery, at the receiver end, even within a particular MCS; –– Usages of spatial multiplexing, e.g. 8 × 8, 4 × 4, 3 × 3, and so on, through multiple antenna transmissions; and –– Amount of radio resources consumed by the various physical signals such as the DMRSs. As described and illustrated earlier in Section 19.6.12, a PRB and its RE also carry the information of various physical signals and channels over the NR air interface. The number of RE occupied by the physical signals and

445

446

Mobile Communications Systems Development

channels is different, which further reduces the RE available for transmission of actual user traffic. Thus, the resource elements consumed by the individual physical signals and channels are considered as the overhead, which collectively reduces the overall bandwidth or throughput offered to users within a particular system bandwidth.

­Chapter Summary This chapter presented the NR air interface user plane protocol layers of the 5G system. The reader has learned that the NR Air interface Layer 2 consists of four sub-layers, namely the SDAP, PDCP, RLC, and MAC layer, whose functions and procedures are configured by the NR RRC at Layer 3. 5G NR air interface protocol layers perform functions and procedures that are similar to the LTE air interface protocol layers in several aspects. However, the NR air interface has also introduced several new functionalities based on which it envisages providing different services or uses cases as described in Chapter 16. These new functions and procedures greatly differentiate the 5G NR air interface even from the LTE system air interface. As described in this chapter and to provide low‐latency communication services by the NR system, some of the functions and procedures performed by RLC and MAC layers have been enhanced or reorganized in comparison to the same protocol layers found in the LTE system. Formats of PDU for different protocol layers were described in this chapter and indicated how such reorganization aims to achieve low‐latency communication services by the NR system. QoS model supported in the 5G system and differences in comparison to the LTE system was described. There are startling differences between the 5G NR and LTE systems at the physical layer level. Multiple SCSs or numerologies with different transmission bandwidths and the structure of RBs, transmission, and reception in terms of active bandwidth used in the 5G NR system were described. Transport code block group‐based retransmission, which is a new functionality in the 5G NR system, was described. Another major difference from the LTE system is the usages of mmWave transmissions/reception through the beamforming method, as described in this chapter. Various aspects of beam management and its impacts on the NR RACH procedure were also described.

447

20 5G Core Network Architecture ­Introduction The 5G core (5GC) network architecture also differentiates the overall 5G system from the core networks of the previous generation mobile communication systems. First of all, in 5GC, the control plane as well as user plane functions performed by a core network element are separated into software-based entities that are based on the 3rd Generation Partnership Project (3GPP) Release 13 feature called Control Plane and User Plane Separation (CUPS). Further, unlike the previous generation’s core network systems, the 5GC network entities or functions work in a service-oriented model where each network entity or function produces/consumes different network services. The 5GC network functions (NFs) communicate over HTTP, which is a new introduction into the core network of a mobile communication system by 3GPP. Also, 5GC enables the provisioning of different services with different Quality of Service (QoS), as described in Chapter 18. This chapter covers some of the key concepts of the 5GC and begins with the Release 13 feature called CUPS as the basis for the 5GC. Then, the service-based architecture (SBA) of 5GC is described as the framework of operation of different NFs. The chapter ends with the description of network function virtualization (NFV) that enables a 5G network as the means for scalability, maintenance, and network slicing to provision different services requirements.

20.1 ­Control Plane and User Plane Separation – CUPS Till the 3GPP Release 13, the Long-Term Evolution (LTE)/Evolved Packet Core (EPC) network entities, i.e. Serving Gateway (SGW) and Packet Data Network Gateway (PGW), performed control plane as well as user plane functions such as the allocation of an IP address to a User Equipment (UE), bearer management, GPRS Tunneling Protocol (GTP) path managements, and forwarding of user plane data of a UE/subscriber. Performing control plane as well as user plane functions by a single EPC network element has some form of limitations in terms of non-flexibility in deployment as well as non-scalability to increase the existing network capacity/sizing requirements that may arise from time to time. To alleviate such limitations, 3GPP introduced the CUPS feature, which is an architectural enhancement of LTE/EPC network elements, as part of its Release 14 feature. The control plane as well as user plane tasks performed by an LTE/EPC network entity have been separated/decoupled into two software-based entities/nodes of the same network element. For example, the control plane functions of SGW are performed by the SGW-C entity. Similarly, the user plane functions of SGW are performed by the SGW-U entity. The control plane functions of PGW are performed by the PGW-C entity. Similarly, the user plane functions

Mobile Communications Systems Development: A Practical Introduction to System Understanding, Implementation, and Deployment, First Edition. Rajib Taid. © 2021 John Wiley & Sons Ltd. Published 2021 by John Wiley & Sons Ltd.

448

Mobile Communications Systems Development

of PGW are performed by the PGW-U entity which is connected to an external IP network. Refer to TS 23.214 [34] for the tasks performed by the LTE/EPS SGW and PGW before and after the CUPS architecture. CUPS architecture enables a Software-Defined Networking (SDN) capability for a 5GC network, which results in a flexible core network in terms of enabling an operator to provide services dynamically to meet the businesses’ and consumer’s needs. From an OEM/system vendor and operator points of view, some of the benefits provided by the CUPS architecture/feature of a core network are as follows: ●●

●●

●●

●●

Evolution and enhancement of the control plane functions and procedures independently of user plane functions and vice versa; Expansion or scaling of network capacity through the deployment of additional user plane nodes only to meet increasing or on-demand data traffic; Deployment of user plane nodes in centralized or distributed topology, that is, nearer to a Next-Generation Radio Access Network (NG-RAN) and UE, which would reduce time, in terms of latency, to transfer user application data; and An OEM/system vendor may provide a user plane node as a separately licensed solution to an operator.

CUPS feature becomes the baseline/reference architecture for the 5G core network also where the control plane and user plane are separated into distinct entities or NFs. A single control plane entity of a network element can be deployed to cater to low signaling activities. On the other hand, more than one user plane entity/node can be deployed to meet heavy user traffic demands or to meet the scalability requirement of a 5G network. Due to multiple deployment scenarios of a user plane entity, its control plane entity uses a selection method to select a user plane entity. Thus, a control plane entity uses the deployment scenario of a user plane entity as one of its selection criteria. Also, the control plane entity provides information or rules which control the tasks, such as packet detection and forwarding functions and policy and charging control (PCC) functions performed by a user plane entity. A control plane entity, in CUPS, can control multiple user plan entities.

20.1.1  Impacts of CUPS Feature CUPS feature introduces new reference points and protocol between its control plane and user plane nodes, as described below. ●●

New Reference Points for CUPS

As part of CUPS feature and architecture, 3GPP defines the following new logical reference points, on top of the User Datagram Protocol (UDP)/IP network, for communication between the separated control plane and user plane functions of a network element. –– Sxa reference point between the LTE/EPC SGW-control plane and SGW-user plane; –– Sxb reference point between the LTE/EPC Packet Data Network (PDN) gateway control plane and PDN gateway – user plane; and –– N4 reference point between 5GC Session Management Function (SMF) and User Plane Function (UPF) NFs. –– New Protocol – Packet Forwarding Control Protocol (PFCP) Over the Sxa, Sxb, and N4 reference points, the PFCP is used to exchange user plane controlling information between the separated control plane and user plane network elements/nodes of LTE/EPC or NFs of 5GC. User plane controlling information from the control plane function could be packet forwarding rule, lawful interception, and charging control to be used by the user plane node or network function. To exchange such information, certain procedures using the PFCP are performed between the separated control plane and a user plane of 5GC network function or LTE/EPC network elements/nodes. Such PFCP procedures are of two types – node management procedures and session management procedures.

5G Core Network Architecture

PFCP Node management procedures are used to manage LTE/EPC network nodes or 5GC NFs/entities. Typical PFCP node management–related procedures are: PFCP node association setup, update, release, heartbeat information, load control, and overload control information. PFCP session management procedures between the control plane and user plane function are used to manage sessions, such as its creation, update, or removal, between the separated control plane and user plane NFs of 5GC (i.e. SMF and UPF) or LTE/EPC nodes. A PFCP association, i.e. a node management procedure, between the control plane and user plane function is required to be setup prior to establishing a PFCP session on the user plane function. The control plane function provides the necessary information, as part of a PFCP session creation, to the user plane function on how to handle user plane data/traffic for a PFCP session. A PFCP session is uniquely identified by a Session Endpoint Identifier (SEID). Refer to TS 29.244 [69] for more information on these PFCP procedures. –– Protocol Stack of PFCP Protocol stack-wise, PFCP control plane messages, i.e. node management and session management, are transported on top of UDP/IP (port 8805). On the other hand, user plane data between the control plane and user plane NFs or network nodes are forwarded using GTP-U on top of UDP. Refer to TS 29.244 [69] for more information on the PFCP protocol stack and message header contents and their formats. Typical messages exchanged between the control plane and the user plane entities, as part of the CUPS feature, of LTE/EPC and 5GS network elements using the PFCP are illustrated in the next two sections.

20.1.2  CUPS in the LTE/EPC Network Figures 20.1 and 20.2 illustrate the differences in the typical signaling message flow for a UE-initiated network ATTACH request procedure, along with PDN connectivity request, sent to an LTE/EPS network. Figure  20.1 shows the partial signaling message flow for normal and without the CUPS feature. Figure 20.2 shows the partial signaling message flow with the CUPS feature with PFCP signaling messages, showing the interactions between the control plane and user plane nodes. In the case of the CUPS feature (Figure 20.2), more than one user plane node may associate with a control plane node. Due to this, a control plane selects a particular user plane node. SGW control plane node selects an SGW user plane node. Similarly, the PGW control plane node selects an SGW user plane node. The respective control plane node creates a PFCP session, e.g. Sx Session Establishment Request, toward the respective user plane node, as illustrated in Figure 20.2. In response, the user plane node creates the session and replies Sx Session Establishment Uu UE

S1 eNB

S11 MME

S5 SGW

PGW

UE ATTACH Request with PDN …………………… Connection Create Session Request Create Session Request Create Session Response Create Session Response ……………………… UE ATTACH Accept

Figure 20.1  Illustration: LTE/EPS UE ATTACH procedure without CUPS.

449

450

Mobile Communications Systems Development Uu UE

S1 eNB

S11 MME

Sxa SGW -C

Sxb SGW -U

PGW -C

PGW -U

UE ATTACH Request with PDN Connection

………………………… Create Session Request Sx Session Estb. Request Sx Session Estb.

PFCP

Response Create Session Request

S5

PFCP Sx Session Estb. Request Sx Session Estb. Response

Create Session

Create Session

Response Response ………………………… ………………………… UE ATTACH Accept

Figure 20.2  Illustration: LTE/EPS UE ATTACH procedure with CUPS feature.

Response to the control plane node. Refer to TS 23.214 [34] for information on the user plane selection procedure and PFCP session procedures over the Sx reference points. A control plane node provides the following rules, as part of the packet forwarding model over the N4 or Sx reference points, to the user plane node through the PFCP session creation message, as illustrated in Figure 20.2. These rules are used by the user plane node to process and transfer user data/packets through different QoS flows. ●●

●●

●●

●●

Packet Detection Rule (PDR): This rule specifies how to detect incoming packets/PDUs and how to classify the data. A PDR contains the packet detection and classification information in terms of filters, e.g. IP filters. Separate PDRs are used in uplink and downlink directions. Usage Reporting Rule (URR): This rule contains information on the measurement mechanism to be applied by a user plane node on the usage of network resources, e.g. data volume, and its reporting to the control plane node. Forwarding Action Rule (FAR): This rule contains information on how to forward user data packets in the downlink (to NG-RAN) or uplink (to DNN) direction, dropping, or buffering user data packets by the user plane node. QoS Enforcement Rule (QER): This rule contains information on QoS enforcement to be applied to user traffic.

Each of the preceding rules contains information that controls the user data/packets processing in the user plane function. Refer to TS 23.214 [34] for more information on these packet forwarding rules applied on a PFCP session used by the user plane node.

20.1.3  CUPS Feature in 5G Core Network Based on 3GPP Release 14 CUPS feature/architecture, the 5GS also separates its core NFs into the control plane and the user plane functions, which will be described in this section. A comparative study of the LTE/EPC and 5GC network elements is described below with respect to the CUPS architecture.

5G Core Network Architecture

Recall that the LTE/EPC Mobility Management Entity (MME) performs UE control plane functions, i.e. mobility as well as the session management functions (SMFs). But the 5GC Access and Mobility Management Function (AMF) performs the UE mobility management functions only. The 5GC Session Management Function (SMF) performs UE session management tasks. Note that the SMF also performs similar functions to the SGW-C of LTE/ EPC. The LTE/EPC SGW-U and PGW-U perform the UE/user plane functions. But in 5GS, UE user plane tasks are performed by the User Plane network Function (UPF) only. In the LTE/EPS, UE mobility and session management-related Non-access Stratum (NAS) signaling messages terminates at the MME end. In 5GS, UE mobility management-related NAS signaling messages terminate at the AMF end, whereas the session management-related NAS signaling messages terminate at the SMF end. The SMF communicates session management-related information to a UE via the AMF only. The control plane NFs (e.g. AMF and SMF) of 5GC communicate with each other through service-based interfaces using the HTTP protocol, which is a new introduction into the 5GC by the 3GPP. Unlike the previous-generation core network systems, no GTP control plane protocol is used in the 5GC. However, the communication between the control plane, i.e. SMF, and user plane, i.e. UPF, NFs takes place using the PFCP to exchange control plane messages between them. Figure 20.3 illustrates the interaction between the SMF (control plane) and UPF (user plane) NFs over the N4 reference point as part of the CUPS feature. This is an illustration of a UE-initiated typical protocol data unit UE

Uu

gNB

N2

AMF

HTTP

SMF

N4

UPF

Ul Information Transfer [PDU Session Establishment Request] UL NAS Transfer …………… Nsmf_PDUSession_Create_ SMContext Request Nsmf_PDUSession_Create_ SMContext Response

PFCP

N4 Session Estb. Request N4 Session Estb. Response

Namf_Communication_N1N2 _Message_Transfer [PDU Session Establishment Accept] PDU Session Res. Setup Req [NAS PDU [PDU Session Establishment Accept] RRC Reconfiguration […PDU Session Establishment Accept] RRC Reconfiguration Complete

PDU Session Res. Setup Response

Figure 20.3  Illustration: 5GC CUPS: interaction between control plane and user plane network functions during UE-initiated PDU Session Establishment Request.

451

452

Mobile Communications Systems Development

(PDU) session establishment request made to the 5GC. This figure also illustrates the exchange of PDU sessionrelated messages between the AMF and SMF through service-based interfaces, for example, Nsmf_ PDUSession_ Create_SMContextRequest. Service-based 5GC architecture is described in the next section. As illustrated in Figure 20.3, the UE sends the UL NAS TRANSFER with Payload container = PDU Session Establishment Request NAS layer message, Payload container type = N1 SM Information, Request Type = Initial Request, to the 5G Base Station (gNB), which is further forwarded to the AMF. Since it is an initial request from the UE, the AMF forwards the PDU Session Establishment Request using the service interface, Nsmf_ PDUSession_Create_SMContext Request, of SMF. The SMF sends the N4 Session Establishment Request, containing the PDR, FAR, QER, and URR, to the UPF using the PFCP protocol. UPF responds with N4 Session Establishment Response to the SMF. Finally, SMF responds with the PDU Session Establishment Accept message to the UE to confirm the acceptance of the session establishment request sent by the UE by following this signaling message path – SMF(Namf_Communication_N1N2_Message_Transfer[..])→AMF([PDU Session Res. Setup Req[..])→gNB(DL Information Transfer[..])→UE. Replace the square bracket with the PDU Session Establishment Accept message. The 5GC/AMF sends the PDU Session Resource Setup Request message to the NG-RAN/gNB. The NG-RAN/gNB allocates necessary resources to the UE initiated PDU session being established.

20.2 ­Service-Based Architecture (SBA) The different core network entities and the services provided by them in the previous generations’ mobile communication networks are based on OEM/proprietary and dedicated hardware with specific software, performing the functions and procedures of the core network protocols. However, in a 5GC network, OEM/proprietary hardware-based network entities, along with specific software, used in modern mobile communication networks, e.g. GSM, 3G, or 4G, are replaced by software-based network elements due to the CUPS feature, as described in the previous section, that is, 5GC NFs and procedures are implemented in software. Such a network element implemented in software performs the specific functions and procedures of an OEM/proprietary hardware-based network element. A network element implemented in software, instead of dedicated hardware, is the basis for the service-based or service-oriented architecture 5G core network. A software-based network element, or service producer, provides services to other, or services consumers, software-based network elements through a standard communication protocol, e.g. HTTP, over an existing transport network, e.g. IP. A software-based network element, performing a particular 5GC protocol layer’s functions and procedures, can be added/removed dynamically to scale out/scale in independently and expand the overall network capacity in the 5G system. Dynamic services provisioning through a software-based network element in 5GC is faster than an OEM/proprietary hardware-based network element. Such capabilities are possible only and realized due to the CUPS architecture of the 5GC. The 5GC network architecture is also based on the 3GPP Release 14 CUPS feature as described in the previous section where the core network functional areas, such as mobility management, session management, and user data transfer, are separated into a different control plane and user plane functional blocks. Such functional blocks are called as NFs with well-defined behaviors in terms of performing protocol layer functions and procedures. Separation of control and user plane tasks as separate NFs along with their serviceoriented architectures results in a customizable, scalable, and modular 5GC network. NFs provide ease of scalabilities, i.e. add or remove, enabling a service provider to deploy more than one instance of the same network function in the same Public Land Mobile Network (PLMN). NFs can be deployed in a centralized or distributed manner. The 5GC NFs communicate through service-based interfaces using which a producer provides or exposes its services to a consumer of various network services. Due to this, the 5GC network architecture is also called a service-based architecture, which is one of the major differences between the 5GC and its previous generation’s

5G Core Network Architecture

core network architecture. All the software-based components, i.e. producers/consumers, can reside and provide communication services running on a single host with virtualized infrastructures. The subsequent sections describe the service-oriented architecture as well as various other aspects of the NFs of the 5GC network.

20.2.1  Network Functions and Its Instances As part of an SBA, the 5GC contains software-based components which are called NFs as mentioned in the previous section. An NF may perform the functions and procedures of a specific protocol layer. An NF may also perform other functions and procedures such as performing the functions of central registering and authenticating entity for other NFs, user data management, and logical network provisioning of the 5GC. A network function is a “stateless” entity, i.e. functions and procedures performed by a network function are independent of its state and can provide services to other NFs as well as a consumer of services produced by other NFs. The control plane and user plane NFs used as part of the SBA of the 5GC network are described below. ●●

Control Plane NFs –– AMF, which performs similar functions and procedures of the LTE/EPC MME. 5G NAS layer signaling over the NR air interface (N1) terminates at the AMF end. It also interfaces with NG-RAN over N2. It performs the tasks of 5G MM such as UE registration, connection management, and security management, such as UE authentication/authorization. An AMF can serve multiple network slices or multiple AMFs may be deployed based on the services offered by a 5G network. –– Session Management Function (SMF), which performs 5G NAS layer session management functions, similar to LTE/EPC MME. But SMF performs the UE session management task at the PDU session level only. 5G NAS layer session management signaling messages over the NR air interface (N1) terminate at the SMF end. Session management signaling messages include a PDU session establishment, modification, release, and so on. SMF performs the tasks of IP address allocation, selection of a UPF, creation of GTP tunnel between gNB and UPF, user traffic configuration at UPF end, and so on. Multiple SMFs may be deployed based on the network slices and services offered by a 5G network. –– Authentication Server Function (AUSF), which performs an authentication task during a UE registration either from a 3GPP or non-3GPP access network. –– Network Exposure Function (NEF), which enables to expose the services and capabilities provided by 5GC NFs in a secured manner to other applications within the 5GC network or external applications like the Policy Control Function (PCF). –– Network Repository Function (NRF), which registers and maintains the profiles of the different 5GC NFs and their services instances. NRF provides the service discovery facility to other NFs. Any network function can query the NRF to discover a network function and the services offered by it. NRF provides security-related services also by providing access tokens to network functions during their registration process. Multiple NRFs may be deployed based on the services offered by a 5G network. –– Network Slice Selection Function (NSSF), which select a network slice instance from a set of logical networks or provide network slices for a UE to be served, based on its subscription information. A network slice is a key enabler feature for the 5G system, as described earlier in Chapter 16. NSSF provides a target or list of candidate AMF and NRF to the current or requesting AMF as part of the selection of a network slice instance during a UE initial registration procedure or a PDU session establishment procedure or UE configuration update procedure or an inter-PLMN mobility procedure. –– PCF, which is similar to the Policy Charging and Restriction Function (PCRF) of LTE/EPC. PCF defines and maintains the rules or policies to be used by a UE or to be applied on UE by the 5G network control plane functions while providing communication services to a UE. AMF uses the access and mobility managementrelated policies from PCF. SMF uses the session management-related policies from PCF. UPF uses the service data flow-related policies, which are provided via the SMF, to transfer data to a UE.

453

454

Mobile Communications Systems Development

–– Application Function (AF), which provides PCC, per network slice or Data Network Name (DNN) or both, rules to PCF for services delivered through visited PLMN, i.e. local breakout, in case of a roaming subscriber. –– Unified Data Management (UDM), which is similar to the Home Subscriber Server (HSS) of LTE/EPC and holds subscriber and subscription database. It performs user identification management, generation of UE authentication credentials, and subscription management tasks, e.g. subscribed network slices information, in association with the subscriptions data stored in Unified Data Repository (UDR). UDM provides securityrelated services also by generating and providing an authentication vector to the AUSF network function during a UE authentication procedure. –– UDR: As the name implies, UDR stores the subscriptions data, policy data, application data, and so on, which are retrieved and used by other NFs such as the UDM, PCF, and NEF. ●●

User Plane Network Function

5GC contains the following user plane component or network function, which only consumes network services and does not produce any network service for other NFs. –– User Plane Function (UPF). A UPF performs tasks that are similar to the tasks performed by the LTE/EPC MME SGW-U and PGW-U planes. UPF performs user data packets routing/forwarding between gNB and data network, packet inspection, and QoS handling. Such functionalities are controlled by the SMF based on the packet handling information provided by the SMF to the UPF. The UPF acts as the interface to an external data network and also acts as an anchor point to support intra- as well as inter-Radio Access Technology (RAT) UE mobility. Multiple UPFs may be deployed based on the network slices and services offered by a 5G network. For the detailed description of the tasks performed and services provided by the above 5GC NFs, refer to TS 23.501 [40] and 23.502 [41]. Various tasks performed and services to be provided by a 5GC network function to other NFs can be derived from its corresponding 5G system procedures as defined by TS 23.502  [41]. The services to be provided by a network function are also derived from the other related technical specifications. Thus, a particular 5G system procedure will involve the interactions among different NFs through service-based interfaces. It may be noted due to the 5G network deployment requirements that there can be multiple instances of a particular network function in the control plane, e.g. AMF, as well as the user plane, e.g. UPF. The CUPS feature described earlier in Section  20.1 enables such a deployment of a 5GC network. Each instance provides its designated services to other NF instances. As an analogy, a network function can be compared with a class, and an instance can be compared with an object of the C++ programming language.

20.2.2  Network Functions (NFs) and Their Services Interfaces As part of the SBA, each 5GC control plane network function has its well-defined service interface through which a producer network function exposes its various services capabilities for other NFs. A consumer NF can consume the services of a producer NF through its service interface. Only one service interface is defined per network function. Table  20.1 lists the service interfaces, along with allowed operations, of 5G control plane network functions as part of its SBA. For example, the AMF NFs have the Namf_Communication, Namf_EventExposure,Namf_MT, Namf_Location service interfaces using which they expose various services to other consumer NFs of 5GC. A service interface of a network function is realized through a RESTful API, which shall be described later in Section 20.2.6. For the description of the services provided by a network function over a particular service interface, refer to TS 23.501 [40]. ●●

Representations of 5G System Architecture There are two ways to represent the 5G system architecture, as described in TS 23.501 [40].

5G Core Network Architecture

Table 20.1  5G network functions and their service interface name. 5G Control Plane Network Function Names

Interface Names

Operations

Access and Mobility Management Function (AMF)

Namf

Session Management Function (SMF)

Nsmf

Unified Data Management (UDM)

Nudm

Network Repository Function (NRF)

Nnrf

Network Slice Selection Function (NSSF)

Nnssf

Authentication Server Function (AUSF)

Nausf

Request   Response   Subscribe   Notify

Network Exposure Function (NEF)

Nnef

User Plane Function (UPF)

Nudr

Policy Control Function (PCF)

Npcf

NSSF

UDM

AUSF

Nnssf

Uu

Nnrf

Nudm

Nausf Namf

Control Plane

NRF

Nsmf

Npcf

SMF

AMF N2

N4 N3

UPF User Plane

UE

NG-RAN

PCF

N6

NEF Nnef Naf AF

Data Network e.g. WWW

5G Core Network

Figure 20.4  Illustration: service interfaces-based architecture of 5G system.

–– Service Interfaces-Based Representation NFs interact and are interconnected through predefined service interfaces, as in Table 20.1 above. Note that service interfaces are used among the control plane NFs only. The service interfaces-based representation of a 5G system architecture for a nonroaming scenario is shown in Figure 20.4. For a 3GPP access network and reference pointsbased representation of a 5G architecture for a nonroaming scenario, refer to Figure 4.2.3-2 in TS 23.501 [40]. –– Reference Points-based Representation In the previous generation’s core networks, a reference point was used to interconnect two network elements. However, in a 5GC network, a reference point is used to interconnect two NFs as well as a network function and a network element; see Figure 20.5. For example, the N1 reference point is used between a UE and an AMF network function. Both the 3GPP access and non-3GPP access network 5G system architectures, described in Chapter  16, use reference points naming conventions between two NFs. In the case of the 3GPP access network, reference points are named from N1 to N52; see Figure 20.5. For example, the N4 reference point connects the SMF (control plane) and UPF (user plane) NFs. Similarly, the N6 reference point connects the UPF and external data networks. Reference points – N1 (UE-AMF), N2 (NG-RAN – AMF), N3 (NG-RAN – UPF), N4 (SMF – UPF), N6 (UPF - DN),

455

456

Mobile Communications Systems Development N13 EIR

UDM

AUSF N17

N12

N35

N8

UDR

N10 NSSF Uu

N22

N11

AMF

SMF

N36 N7

N1 N14

N2

N37

N4

PCF

N33 N5

UE

gNB

UPF

AF

N15

N9 N3

NEF

N6

Data Network e.g. WWW

5G Core Network

Figure 20.5  Illustration: reference points-based architecture of 5G system.

Table 20.2  5GS reference points and their protocol and transport networks. 5GS Reference Point

Protocol and Transport Network

N1

NAS over Air interface: Uu

N2

NG-AP over SCTP/IP

N3

NG-U/GTP-U over UDP/IP

N4

PFCP/GTP-U over UDP/IP

N6

IP

Others, i.e. N5, N7, N8. . .

Services produce/consumed through the respective service-based interface over TCP/IP with TLS

and N9 (UPF – UPF) – are realized using their corresponding logical interface, protocol stack, and transport network. The remaining reference points are realized using their respective service interface mentioned in Table 20.1. Note that a Reference Point representation is used for the control plane as well as user plane NFs, but service-based interface representation is used among the control plane NFs only. Table 20.2 summarizes the different reference points and their protocol and transport networks. In the case of the non-3GPP access network also, reference points are named as Y1, Y2, Y4, Y5, NWu, NWt, Ta, and Tn; refer to TS 23.501 [40]. The Y4, Y5, NWt, Ta, and Tn reference points were introduced as part of the 3GPP Release 16.

20.2.3  5G System Architecture with NF ●●

Services Architecture/Interface-Based Nonroaming Architecture of 5G System

Similar to the LTE/EPS system architecture, roaming and nonroaming architectures are also possible within the 5G system. The nonroaming architecture of the entire 5G system comprising 5GC NFs along with the services interfaces among them was shown in the previous section; see Figure 20.4.

5G Core Network Architecture ●●

Services Architecture/Interface-Based Roaming Architecture of 5G System

In the case of a roaming architecture, refer to Figure 4.2.4-1 in TS 23.501 [40], there are two options for routing of user traffic between two 5G PLMNs. –– Local breakout, where the roaming subscriber traffic is routed from the visited network or PLMN using its UPF and SMF NFs and data network. Home PLMN provides subscriber information, authentication, and policy-related information to the visited PLMN. –– Home routed, where the roaming subscriber traffic is routed back from the visited PLMN to the home network or PLMN. In this case, the home and visited PLMN’s UPF and SMF NFs are used. UPF of the visited and home PLMNs is interconnected through the N9 interface for user traffic routing purposes. For roaming architecture and interconnections of 5G systems, refer to Section 4.2.4 in TS 23.501 [40].

20.2.4  Network Functions and Their Services and Operations Each 5GC producer network function provides or exposes a set of services through its service interface as mentioned above. Further, there are service operations, e.g. register, update, notify, and so on, which are associated with each service provided by a network function. Using a service interface, a producer network function exposes such services and their associated operations to consumer NFs. Network function services are designed to be self-contained and reusable. Figure 20.6 illustrates the relationship (one to many – 1 : M) between a network function interface and different services provided under it. It also shows the association of a service and its different operations. For example, the NRF has its service interface, which is called: Nnrf; it has three services called Nnrf_ NFManagement, Nnrf_NFDiscovery, and Nnrf_AccessToken under the Nnrf interface. Each service has one or several operations. For example, the Nnrf_NFManagement services have NFRegister, NFUpdate, NFDeregister, and so on service operations. Service operations provided by a 5GC network function can be compared with a 3GPP protocol layer procedure which consists of exchanging of signaling messages between two network elements of a mobile communication network. For the successful completion of a 3GPP protocol layer procedure, several request/response signaling messages are exchanged among the network elements. Similarly, a particular service operation between a consumer and producer network function can be accomplished through the following messages: ●● ●● ●●

●●

Request, from a consumer to a producer; Response, from a producer to a consumer; Subscribe, from a consumer to a producer. A consumer network function may subscribe to a service, say the occurrence of an interesting event, provided by a procedure network function. For example, a consumer network function instance may be interested to get notified by the NRF on the failure of a producer network function service instance; and Notify, from a producer to a consumer. A producer network function will notify the availability of an interesting service to a consumer network function.

Network Function Interface

1

M

Interface Services

1

M

Service Operations

Figure 20.6  Illustration: network function interface, services, and its operations.

457

458

Mobile Communications Systems Development

Figure 20.7 illustrates the above service operation flow method applicable between two NFs of 5GC. For more description of the 5GC NFs along with their service interfaces, different services offered by them under each interface, their respective operations, design guidelines, and guidelines used for the nomenclature of a service and its operations, refer to TS 23.501 [40] and 23.502 [41].

20.2.5  Network Functions Services Framework The 5GC NFs produce/consume various network services and interact with each other through a common framework that consists of the following procedures: ●● ●● ●● ●●

Register Authorization Discovery Deregister

The 5GC NFs services framework is illustrated in Figure 20.8. Within the above service framework, the NRF acts as the registration and access authentication server for the rest of the 5GC NFs. The NRF provides management, discovery, and authorization services to the other NFs. NRF uses the token-based OAuth 2.0 service authorization framework to authorize a consumer network function. A consumer network function registers with the NRF using the Nnrf_NFManagement_NFRegister service operation. A consumer network function provides its profile information to the NRF in terms of network function type, instance id, and services that it exposes for other NFs.

Producer Network function

Consumer Network function

Service operation Request Service operation Response ~ ~

Service operation Subscribe

~ ~

Service operation Notify

Figure 20.7  Illustration: 5GC network functions service operation flow.

Register

De-Register

5G Core network Services Framework

Authorization

Discovery

Figure 20.8  Illustration: 5GC network functions services framework.

5G Core Network Architecture

A consumer network function must be registered with and authenticated by the NRF before the consumption of other network services. Once registered with the NRF, a consumer network function executes the Discovery procedure toward the NRF to discover a particular network function instance and its exposed services. A consumer network function may discover instances of one network function and a particular service, or it may discover the instances of all the NFs and their services. Further, before consuming network services, a consumer network function must be authenticated by sending the Nnrf_AccessToken_Get_ service request to the NRF. The NRF uses the Oauth2 authentication protocol and provides an access token to the consumer network function for its subsequent services requests to producer NFs. For the description of each of the above processes, shown in Figure 20.8, of the 5GC NFs services framework, refer to TS 23.501 [40] and 23.502 [41]. Figure 20.9 further illustrates the above service framework through the registration, discovery, authorizations, and deregistration processes for some of the network functions such as AMF, SMF, AUSF Service Communication Proxy (SCP), and NRF. In Release 15 5G core network, NFs can make direct communication with each other over HTTP. The SCP, which was introduced as part of the 3GPP Release 16, however, provides a delegated, or an indirect, network function discovery mechanism for other network functions. The arrow shows the corresponding request/response between a network function and the NRF. As part of the registration process, a consumer network function, say AMF, uses the Nnrf_NFManagement_NFRegister service to register with the NRF. The service registration request contains the profile of the consumer network function, which consists of mandatory as well as optional input parameters. Some of the mandatory parameters supplied as part of the registration request message are network function type, instance id, PMLN id, and list of supported services. As part of the response to the registration request, the NRF provides a list of NFs and their profiles to the AMF. As illustrated, a profile of a network function consists of its ID, type, list of services offered by it, and so on. For more details on the input parameters to be provided by each of the NFs to NRF as well as the response/output parameters from the NRF to a network function as part of the 5GC service framework and its operations mentioned above, refer to TS 29.510 [76]. ●●

Status of Network Function (NF) Service Instance

Multiple instances of a particular network function can exist, which also enables to support NFV capability in 5GC. To inform the current operational status, each network function service instance contacts and exchanges NF Profile

Discovery

(De)Register

,Update

(De)Register AMF

Discovery

, Update

NRF

(De)Register,

Discovery

AUSF

Update

(De)Register,

NF Profiles

SCP

Update Discovery

NF Profiles

NF Profiles

SMF

ID …. Type.. List of Services.. Authorization..

NF Profile ID …. Type.. List of Services.. Authorization..

Figure 20.9  Illustration: registration, authorization, and discovery of network functions.

459

460

Mobile Communications Systems Development

heartbeat information periodically with the NRF. The periodicity of heartbeat information from a registered network function instance to the NRF is operator configurable. The periodicity of heartbeat information is defined as part of the network function profile parameter which is called the heartBeatTimer and defined in seconds. Figure 20.10 illustrates the statuses maintained by the NRF for each of the network function instances. As illustrated, a network function instance can be in one of the following states, as maintained by the NRF: –– Registered In this state, a network function service instance is registered in the NRF and can be discovered by other NFs. –– Suspended In this state, a network function service instance is registered in the NRF but not in an operational state. NRF marks a registered network function instance in a SUSPENDED state if there is no heartbeat information periodically from it. Also, in SUSPENDED status, a network function instance cannot be discovered by other NFs. –– Undiscoverable In this state, a network function service instance is registered in the NRF, which is also in an operational state. But it cannot be discovered by other NFs. NRF may mark a registered network function instance in undiscoverable states if it is shut down because of Operation and Maintenance (O&M) operator actions. Figure 20.11 further illustrates the usages of the heartbeat timer at the NRF end. At the expiry of the heartbeat timer, the NRF marks the status of the particular network function instance as suspended. t ea r-B d a e He Fail

Register Shutdown

Suspended

Undiscoverable

Restart

Status of Network Function Instance NRF

Figure 20.10  Illustration: status of network function instance at NRF.

NF Instance

NF Status

NRF

Registered Heart-Beat heartBeatTime If heartBeatTimer Expired? Suspended

Figure 20.11  Illustration: usages for heart beat timer for NF status.

5G Core Network Architecture

O&M operator action, such as a restart, may be required to bring a network function service instance into a registered and operational state again. Refer to TS 23.527 [43] for more details on the service interface-based network function instances restoration processes. The subsequent sections describe the protocol layers and methods used to realize the 5GC service framework architecture with the various NFs described in Section 20.2.1.. ●●

Protocol Stack (Control Plane) for Service Interface-Based Communications

Earlier, we have described the various physical as well as logical interfaces used by the previous generation’s mobile communications networks. For example, between the LTE eNodeB and its EPC, user plane (S1-U) data are transported through GTP/UDP and control plane (S1-AP) data are transported through the Stream Control Transmission Protocol (SCTP)[17] over the existing IP transport network. We have also described in Table 20.1. on the various service interfaces provided by the different 5GC NFs in the control plane. Using the service interfaces (Figure 20.4), the 5GC NFs exchange their application protocol information among them in terms of request/ response, subscribe/notify communications as described above; refer to Figure 20.7. Service interface-based communication among the 5GC control plane NFs also uses the existing IP transport network. In addition to this, the HTTP/2 protocol is used to pass network function-specific application protocol information among the different 5GC control plane NFs. Further, the HTTP/2 protocol uses the Transmission Control Protocol (TCP) as the transport layer along with the transport layer security (TLS) layer to provide an encrypted communication among the control plane NFs. Figure 20.12 illustrates the usages of the HTTP/2 protocol stack to achieve service-interfaces-based communications among the 5GC control plane NFs. The service interfaces supported by the 5GC control plane NFs were described earlier in Section 20.2.2. Each control plane network function performs its application protocol specific tasks. Communication for any request or response for a desired resource or information is passed as a payload over the HTTP/2. Note that the error reporting mechanism of HTTP/2 protocol is used to report any error between a consumer and producer network function which will be described and illustrated in later sections. HTTP/2 is also used by the World Wide Web (WWW) for communications between client and server systems over the internet. HTTP/2 standard methods or verbs such as the PUT, POST, GET, and DELETE are used to make service operation requests and responses between a consumer and producer network function. These HTTP/2 methods are used by the WWW also for communication between a client and server system over the internet. The method used to communicate between a consumer and producer network function within the 5GC services-based framework is described below.

AUSF SCP PCF NEF AMF

Uu

N2

N3 UE

gNB

Nausf Nscp Npcf Nnef

Nnrf H Nudm T T Nnssf P / Naf 2

Namf

Nsmf TLS TCP IP L2 L1

NRF UDM NSSF AF SMF N4 UPF

N6

DNN

5GC

Figure 20.12  Illustration: communications among 5GC control plane network functions using HTTP/2 protocol.

461

462

Mobile Communications Systems Development

20.2.6  Services API for Network Functions ●●

Service Application Programming Interfaces (API) for Communications Among Network Functions

In a 5GC service-based framework, the consumer as well as producer network function use the API method of communication among them. In day-to-day life, mobile users use mobile applications for different types of services such as weather services and social media services. Such mobile applications request the desired information or resources from the concerned web server on behalf of the mobile user. The client or the mobile application presents the information received from the web server in a human-readable format to the mobile user. Such a request/response operation between a web client and its server is accomplished through the usages of APIs using the HTTP over the internet. As far as the 5GC is concerned, an API is defined for each of the services supported by a particular network function. A service API operates on a resource which can be a network function instance or collection of all the NFs instances and so on. A resource can be a logical object upon which a service API may perform its desired action/operation. Using a service API, a consumer network function consumes a service produced by a producer network function. To accomplish this, a consumer network function invokes the desired service API over the HTTP toward the producer network function. A service API enables a consumer network function to specify the desired action to be performed by the producer network function on a particular resource through one of the standard methods or verbs of HTTP such as the PUT, POST, GET, and DELETE. Such operations applied on a network function resource can be also described using the acronym CRUD where C stands for Create, i.e. POST, a resource; R for read, i.e. GET, a resource; U for an update, i.e. PUT, a resource; and D for delete, a resource. Each service API has a predefined set of resources on which the desired operation can be performed through one of the HTTP methods mentioned above. Refer to the corresponding network function services’ description of technical specification, e.g. TS 29.510 [76] for NRF services, TS 29.518 [77] for AMF services, and so on, for more details on such resources used by each service API. ●●

Definition, Descriptions, Format, and Data Types for Service API

As part of the 5GC SBA framework, NFs communicate with each other through different service APIs. Such APIs are defined in Open API 3.0.0 specification. Further, the YAML Ain’t Markup Language (YAML– a recursive acronym) format is used to describe a service API. The information elements, information elements identifier, and types used in the air interface layer 3 messages were described earlier in Chapter 4 of this book. Similarly, through a service API and its corresponding operation, different types of information are exchanged between a 5GC consumer and a producer network function. Due to this, different data types are used for different types of information. 5GC SBA framework defines a simple data type, enumeration type, and structured types that are used by such service APIs and its operations of different NFs. Such data types to be used by the service operations of different APIs are described in the 3GPP TS 29.501 [74], TS 29.571 [78] and are also described further by the corresponding network function service description of technical specification. ●●

Design Style of 5GC Service API: RESTFul

One important aspect of the 5GC NFs and their service APIs is their design style used over the HTTP. Services APIs are designed in RESTful style, which stands for Representational State Transfer. RESTful style APIs are used by the 5GC network functions for communications over the different service based interfaces. Representation specifies the format to be used to represent or describe a resource as part of a request/response API. In the case of a 5GC service API, a Java Script Object Notation (JSON) format of structuring data, having Key (on the left side) – Value (on the right side) pair, is used to represent a core network resource. The JSON representation format is simpler than the XML format. A profile of a typical network function can be represented as follows using the JSON format:

5G Core Network Architecture

{ "nfInstanceId": "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx," "nfType": "NRF," "nfStatus": "REGISTERED" ………………………………………………………………….. } A consumer network function specifies the representation style being used under the “Content-Type” field of HTTP header in its API request made to a producer network function. In an Open API specification of a service API, resource representation in JSON format is specified under content-type: “application/json” for a successful scenario, and for an erroneous scenario, the content-type “application/problem + json” is used. For more details on HTTP headers to be supported by a consumer and producer network function, refer to TS 29.500 [73]. There are several characteristics based on which an API is classified to be a RESTful API. Some of the characteristics are Caching, Stateless, Client–Server, and so on. Depending on the purposes, the APIs supported by a particular 5GC network function may or may not exhibit all the characteristics of a RESTful API. A particular response/ information from a producer network function may no longer be valid at the consumer end after a certain interval. This is specified through “Caching” or “max-age” as part of the HTTP header of the corresponding response message from the producer network function. The “Caching” period is applicable for the consumer network function till it considers the information received from the producer network function as valid. For more information on the RESTful characteristics of 5GC APIs, refer to the corresponding 3GPP TS for network function service description. The NRF discovery service and UDR data repository service APIs are the examples of APIs that exhibit the RESTful caching characteristics. For more information on the characteristics of RESTFul API, refer to TR 28.891. RESTFul representation of API was introduced by Dr. Roy Fielding in his 2000 Doctorate Dissertation “Architectural Styles and the Design of Network-based Software Architectures. ●●

Unique Resource Identifier (URI) for Service API

As described above, a consumer NFs may request the information of a particular resource or perform other actions/operations on the existing resource available at the producer network function end. Each resource is identified through a URI using which a consumer network function performed the desired operation through one of the HTTP methods/verbs described above. As an analogy, consider the path of a directory and its files. Using a unique path, a new file can be added to the directory or delete an existing particular file. A URI contains the concatenation of the following components separated by “/”: –– API Root, e.g. https://localhost:12345, with a fully qualified domain name (FQDN); –– API Name, e.g. “nnrf-disc” API name, is used for NRF discovery service. Similarly, the “nnrf-nfm” API name is used for the NRF network management service; –– API Version, with, major, minor, and patch versions. Only v1 as a major version is used; and –– API-Specific URI part, e.g. ../nf-instances which represent a collection of network function instances. Similarly, .../nf-instances/{nfInstanceId}(Profile) which represent a particular network function instance. For more information on the API name of various services offered by the different NFs, refer to the corresponding network function service description of technical specification, e.g. TS 29.510 [76] for NRF services, TS 29.502 [75] for sessions management services, and TS 29.518 [77] for access and mobility management services. Each service API has a predefined set of URI and resources on which the desired operation can be performed through one of the HTTP methods mentioned above. Refer to the corresponding network function service description of technical specification for more details on such resources, e.g. TS 29.510 [76] for NRF services, TS 29.502 [75] for sessions management services, and TS 29.518 [77] for access and mobility management services. Usages of URIs and HTTP methods in the 5GC service framework are illustrated through Examples 20.1 to 20.5.

463

464

Mobile Communications Systems Development

Example 20.1  NF Registration with NRF Using HTTP PUT Method Figure 20.13 illustrates the usages of the HTTP PUT method and its URI for registration of a particular consumer network function instance, e.g. SMF, with the registration and authorization server, i.e. NRF. An instance of a network function must be registered with the NRF so that other NFs can discover the requested network function and its services. Figure 20.13 also illustrates the usages of the FQDN as part of the URI along with the API name, i.e. nnrf-nfm; version, i.e. v1; and service resource-specific URI, i.e.. /nf-instance/{nfInstanceID}. Usages of a particular port, e.g. 12 345, and the status code, either success code: 201 OK or error code: 4XX/5XX, returned from the NRF to the SMF are also illustrated.

SMF

NRF

PUT https://abc.com:12345/nnrf-nfm/v1/nf-instances/{nfInstanceID} (NF Profile) 201 OK: Created

OR

4XX/5XX: Error

Figure 20.13  Illustration: usages of a service API and HTTP PUT method for SMF registration with NRF.

nfInstanceID refers to a Universally Unique Identifier (UUID) which is assigned to the NF instance, i.e. SMF, to be registered with NRF. A UUID, RFC 4122 [15], of 128 bits length is allocated to each instance of a network function. Note that a UUID is also allocated as a service instance identifier to an NF service. An UUID takes the format of: xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx where “x” can be 0–9 or hexadecimal: a–f. The profile, e.g. NFProfile, of the requesting network function, e.g. SMF, is also included as part of the HTTP PUT request. A profile of a network function instance contains mandatory, conditional, as well as optional parameters. Some of the parameters contained in a profile of a network function instance are listed below: –– Identifier, i.e. UUID, for the network function instance; –– Type of the network function instance; –– Status of the network function instance; –– Name of the network function instance; –– Heartbeat timer; –– IP address and so on. The typical definition of a network function profile through the sample program is illustrated later in Chapter 21. Data types and their contents, used by each service API and its operations, are described by their corresponding technical specification. For NRF, refer to TS 29.510 [76] that describes all such data types, i.e. NFProfile, nfInstanceID, as mentioned above. If the network function instance was created and registered successfully with the NRF, it will return the HTTP status code: 201; otherwise, appropriated HTTP error code: 4xx/5xx will be returned to the requesting network function instance, e.g. SMF. Refer to TS 29.500 [73] for the supported HTTP error codes used in 5GC service-based interfaces among the different NFs. For more information on the services provided by the NRF and their operations, refer to TS 29.510 [76].

5G Core Network Architecture

Example 20.2  Retrieval of a Profile of an NF Instance from NRF Using HTTP GET Method Figure 20.14 illustrates the retrieval of the profile of a network function instance, given its instance identifier nfInstanceID, from the NRF using the HTTP PUT method. The NRF returns the desired NF profile instance in case of a successful retrieval with status code: OK or an error code: 4XX/5XX to the consumer network function if the provided nfInstanceID is an invalid one. SMF

NRF

GET https://abc.com:12345/nnrf-nfm/v1/nf-instances/{nfInstanceID}

201 OK: (NFProfile) OR

4XX/5XX: Error

Figure 20.14  Illustration: usages of a service API and HTTP GET method for retrieval of NF profile.

Example 20.3  Deregistration of an NF Instance from NRF Using HTTP DELETE Method Figure 20.15 illustrates the deregistration of a network function instance, given its instance identifier {nfInstanceID}, from the NRF using the HTTP DELETE method. The NRF returns the HTTP code: 204 in case of a success scenario with an empty response body to the consumer or an error code to the consumer network function if the provided nfInstanceID is an invalid one. NRF

SMF DELETE https://abc.com:12345/nnrf-nfm/v1/nf-instances/{nfInstanceID} 204 NO CONTENT OR

4XX/5XX: Error

Figure 20.15  Illustration: usages of a service API and HTTP DELETE method to deregister an NF profile.

Example 20.4  Discovery of a Network Function Instance from NRF Using HTTP GET Method Figure 20.16 illustrates the discovery of a network function instance and its services by another network function. Consider that SMF wants to discover the availability of the AMF network function and its services. To discover a network function instance, the SMF uses the HTTP GET method with its API URI, as illustrated in Figure 20.16. Note that several query parameters can be specified as part of the URI of the discovery procedure of a network function and its services. In this typical illustration, the SMF attempts to discover the namfcomm service of the AMF which is specified as part of the query parameters of the URI. The NRF returns the HTTP code: 200 to the SMF, or consumer network function, in case of successful discovery of the target or producer network function instances. The response also contains the validity of the target or procedure NFs instances so that the requester or consumer network function can store and cache it.

465

466

Mobile Communications Systems Development SMF

NRF GET https://abc.com:12345/nnrf-disc/v1/nf-instances?target-nf-type=AMF&requesternf-type=SMF&service-names=namf-comm 200: OK (SearchResult) OR

4XX/5XX: Error

Figure 20.16  Illustration: discovery of a network function instance and service using HTTP GET.

A typical response from the NRF for the discovery procedure illustrated in Figure 20.16 is shown in JSON format below. The status of the AMF network function instance and its offered service, i.e. namf-comm, is being shown as the REGISTERED state. The unique instance identifiers for the AMF NF instance and its service namf-comm are also shown. { "validityPeriod": 1234 "nfInstances": [{ "nfInstanceId": "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx," "nfType": "AMF", "nfStatus": "REGISTERED", ......................... "nfServices": [{ "serviceInstanceId": "yyyyyyyy-yyyy-yyyy-yyyy-yyyyyyyyyyyy", "serviceName": "namf-comm", "versions": [{ "apiVersionInUri": "v1", ..................... }], "scheme": "https", "nfServiceStatus": "REGISTERED", .............................. }]}]} For more information on the NF service discovery procedure using API and query as well as its response parameters offered by the NRF, refer to TS 29.510 [76]. Example 20.5  UE Context Transfer Request from Source to Target AMF As a mobile user moves from one location to another location, a UE may be required to register with an AMF in its new location. The UE performs a registration request with its GUTI to the new AMF. Based on the GUTI, the new, i.e. target, AMF requests the old, i.e. source, AMF to transfer the UE context. This is accomplished through the Namf communication service and its transfer operation from the target AMF to source AMF, as illustrated in Figure 20.17. As illustrated in Figure 20.17, a UE context information transfer request is made through the HTTP POST method which uses the structure UeContextTransferReqData as the content of its body. The context of the UE is provided from the old/source AMF to the new/target AMF through the UeContextTransferRspData structure as the body of

5G Core Network Architecture

Target SMF

Source NRF

POST https://abc.com:12345/namf-comm/v1/uecontexts/{ueContextID}/transfer (UeContextTransferReqData)

200 OK: (UeContextTransferRspData) OR 4XX/5XX: Error

Figure 20.17  Illustration: usages of a service API and HTTP POST method to transfer UE context information.

the 200  :  OK response. The {ueContextID} represents the context ID of the UE whose context information is requested from old AMF. For more information on the Namf communication service and transfer operation provided by NRF, refer to TS 29.518 [77]. ●●

Security for Service-Based Interface: OAuth 2.0 Framework

The security mechanisms applied over some of the logical interfaces of the previous generation mobile communication systems and the network were described in Chapter 9 of this book. Further, the 5G security system and its services were described earlier in Section 16.11. Similarly, security measures are also applied over the servicebased interfaces of the 5GC NFs services framework as described in the previous section. As part of the overall 5G security architecture, TS 33.501 [87], the security measures applied in the services-oriented architecture of 5GC is based on the OAuth 2.0 authorization framework. OAuth 2.0 is defined in RFC 6749 [20]. In this framework, the authorization server, e.g. 5GC NRF, issues an access token to a registered client, i.e. consumer network function. A consumer network function obtains an access token before accessing different NFs and their services. As far as the 5GC is concerned, a consumer network function is required to be authorized and then obtain an access token from an authorization server, i.e. NRF. A consumer NF can obtain an access token for several producer NFs as specified under the scope of the access token request communication made to the NRF. The access token provided by the authorization server, i.e. NRF, is a JSON web token (JWT) type, as described in RFC 7519 [23]. A JWT is secured through a digital signature or a message authentication code (MAC). Table 20.3 shows the various authorization roles defined under the OAuth2.0 authentication framework along with the 5GC NFs performing the corresponding role. For more information on the OAuth 2.0 authentication framework, refer to the RFC 6749 [20]. In an OAuth 2.0 framework, the authorization server issues an access token to a client as part of an authorization grant. Under the OAuth 2.0 framework, there are four types of authorization grants between a client or consumer network function and a resource server. Refer to RFC 6749 [20] for more details on different authorization grant types. However, the 3GPP specifies the client credential authorization type to be used between a consumer and producer network function. In the 5GC network, the authorization server, i.e. NRF, issues an access token based on the credentials of a client, i.e. consumer network function. The allocated access token is included through the HTTP standard header field called authorization in a service operation request from a consumer to a producer network function. For more information on the authorization and access token allocation process, contents of access token request, and response, refer to TS 29.501 [74]. For illustrations on the network function authorization process and the allocation of an access token over 5GC service-based interfaces, refer to TS 33.501 [87]. ●●

Error Handling and HTTP Responses in Service API communication

The protocol layer error handling mechanism was described earlier in Chapter 15 of this book. For example, to report an unexpected protocol error detected over the LTE air interface, GPRS Gb interface, and so on, a STATUS PDU is used by the UE, the E-UTRAN, Serving GPRS Support Node (SGSN) or Base station controller (BSC).

467

468

Mobile Communications Systems Development

Table 20.3  Authorizations roles of 5GC network functions with respect to OAuth 2.0. Role of Network Function as Per 5GC Service-based Framework

Role as Per OAuth 2.0 Framework

Network Resource Function (NRF)

Authorization Server

Consumer

Client

Producer

Resource Server

Network Function Instance ID

Client ID

Similarly, an error handling mechanism is also provisioned in case of a 5GC service framework and interface-based communications over the HTTP to report the status of the executed service operation. For these purposes, any application protocol-specific error detected by a producer network function is reported to a consumer network function by mapping to a standard error code of HTTP. For example, during a service operation request, if an invalid service API name or version error is detected by a producer network function, the error will be mapped to the HTTP standard error code: “400 Bad Request” and reported to the consumer network function. Further, the producer network function will provide additional information under the “ProblemDetails” information element on the error being detected to the consumer network function. This is similar to the inclusion of the whole erroneous PDU in STATUS PDU in case a protocol error is detected over the LTE air interface or GPRS Gb interface. HTTP status code: 2xx implies successful scenarios, whereas the status code:4xx/5xx implies failure scenarios. Refer to the illustration shown in Figure 20.17. A successful scenario provides the requested information about a resource from producer to a consumer network function whose content-type in the HTTP response header will be set to application/json. However, in case of a failure scenario, such as due to an invalid instance id, the contenttype in the HTTP response header will be set to application/problem + json with additional information put under the “ProblemDetails” information element. ProblemDetails contain several helpful information, such as the type, title, status, detail, and cause, as described in TS 29.571 [78]. 5GC error handling will be defined and illustrated in the next chapter through a sample software program.

20.2.7  Network Function Selection Core network element selection function, i.e. selection of a mobile switching center (MSC), SGSN, or MME from a pool, used in the previous generation mobile communication networks, was described earlier in Section 7.1.2. Such a selection function is called the NAS Node Selection function (NNSF). In Section 20.2.1, different NFs of 5GC along with the functions and procedures performed by each network function were described briefly. In a 5GC network, due to the virtualization of NFs, multiple instances of a particular network function may be configured and run to activate or deactivate a service dynamically depending on the business or on-demand events requirements. In case of a configuration and deployment of multiple instances of a network function, a network function instance selection function shall be also required, which is similar to the NNSF, to serve a particular service or a network slice. Similar to the NNSF which is used to select a core network element, several parameters or factors are considered to select a network function instance also. Figure 16.14 illustrated earlier shows the NFs instance selection for a typical network slice. The arrow lines (1, 2, 3, 4, 5, 6) show the selection of a particular network function instance based on several parameters or factors. For example, based on the requested Network Slice Selection Assistance Information (NSSAI), a gNB selects an AMF to forward UE NAS layer messages. An AMF selects an AUSF which performs authentication between the UE and 5GC. AMF also selects SMF and UDM. Further, an SMF selects a UPF to transfer user data corresponding to a UE PDU session. As illustrated in Figure 16.14, several instances of a network function can be deployed for redundancy purposes and are grouped into an NF set. If an instance is not available either in the control plane or user plane, another network function instance may be selected.

5G Core Network Architecture

In summary, the following NFs instance selection functions are required to be made available in the 5GC. Some of the typical parameters to be used for the selection of a particular network function instance are also mentioned. Operator-specific 5GC configuration information may be also used while selecting a particular network function instance. ●●

AMF Selection

Input parameters for selection: Operator configuration, e.g. dynamic load, 5G-S-TMSI or Globally Unique AMF ID (GUAMI), requested NSSAI, AMF region ID, and AMF set ID ●●

SMF Selection

Input parameters for selection: Data network name, Single Network Slice Selection Assistance Information (S-NSSAI), Network Slice Instance Identifier (NSI-ID), subscription information, and UE location ●●

UPF Selection

Input parameters for selection: Operator configuration, e.g. dynamic load, deployment location, i.e. centralized or distributed, S-NSSAI, SSC mode, and subscription information. ●●

UDM Selection

Input parameters for selection: Operator configuration, UDM group ID, Subscription Permanent Identifier (SUPI), and PLMN ●●

AUSF Selection

Input parameters for selection: Operator configuration, AUSF group ID, SUPI, and PLMN ●●

PCF Selection

Input parameters for selection: Operator configuration, PCF group ID, SUPI, PLMN, S-NSSAI, and DNN ●●

UDR Selection

Input parameters for selection: Operator configuration, UDR group ID, and SUPI

20.3  ­Network Function Virtualization (NFV) In a typical enterprise IT system architecture, a general-purpose hardware server may be dedicated to run only one instance of an operating system along with an application such as a database. On the other hand, a dedicated general-purpose hardware server can be also deployed to run multiple instances of an operating system or different operating systems as well as run different applications on top of them. This is accomplished through the server virtualization technology where virtual computing resources in terms of CPU cores, memory, NICs, and storage can be allocated differently as per the requirements of different operating systems and applications to be run on top of it. Another example is the emergence of a next-generation firewall, which provides, in addition to protecting a network, other security services like antivirus, intrusion prevention or load balancing, and so on, all on a single box. Earlier, each of these security services was provided through separate hardware appliances from different Original Equipment Manufacturer (OEM)/vendors. Similar to the virtualized IT system architecture of an enterprise, the 5G system core network architecture would also enable operators to provide communication services through virtualizations of different core NFs on a general-purpose hardware server. Earlier, the individual core network element, such as the MSC, SGSN, and Gateway GPRS Support Node (GGSN), was deployed on a dedicated and tightly coupled proprietary hardware

469

Mobile Communications Systems Development

with specific tasks, e.g. switching, routing, etc., performed by them. However, as far as the SBA of the 5GC is concerned, a protocol layer or a functional area can be deployed as an individual software-based entity or functional block performing its designated NFs and procedures, either control plane or data plane, as explained earlier in Section 20.2. Such software-based entities or functional block designed for 5GC NFs can be decoupled from its underlying hardware and deployed on top of virtualized infrastructures provided by a general-purpose hardware server. Virtualized network functions (VNFs) provide ease of independent (of underlying hardware) scalability, on-demand network capacity expansion, customize virtualized as well as physical resources for different network slices, has low operation and maintenance cost due to software-based/software defined NFs, and so on. Figure 20.18 illustrates the NFs of virtualizations through the deployment of 5GC NFs on a virtualized hardware platform. As illustrated, two SMFs and four UPFs are shown to be used in this (Figure 20.18) typical NFVs deployment scenario. The SMFs can be used to deploy two network slices, assigning one SMF to each slice. Similarly, the UPFs can be used to connect to four data networks, assigning one UPF to each data network. Thus, a UE can be served by four data networks through two PDU sessions and their network slices. Note that a UE will be served only AMF and NRF for all of its PDU sessions and their network slices. Further, as illustrated, NFVs consists of two layers: –– Virtualized infrastructure layer and –– VNFs layer. The virtual infrastructure layer consists of physical computing hardware resources and a special-purpose software layer that provides virtual computing resources in terms of multiple logical CPU cores, memory, NICs, and storages to the virtual NFs. The special-purpose software component is called as Hypervisor, which forms the virtualization layer of the virtualized infrastructure. A hypervisor interacts directly with the physical computing resources, i.e. CPU, memory, NICs, and storages, and provides a hardware abstraction to the VNFs of 5GC. As the CUPS feature, described earlier in Section 20.1, separates/decouples the control plane and user plane of a network element, similarly the virtualization layer, i.e. hypervisor, decouples/separates the 5GC NFs from the actual physical computing resources and provides the virtual computing resources to them, as illustrated in Figure 20.18.

Control Plane AMF PCF

SMF AUSF

5G Core Network SMF SCP

User Plane

NSSF …

UPF

UDM

UPF

UPF … UPF

Virtualized Infrastructure Virtual CPU

Virtual Memory

Virtual Network

Virtualization Layer (Hypervisor) Hardware Layer CPU

Memory

Network

Figure 20.18  Illustration: 5G core network functions virtualizations.

Network Slices

470

5G Core Network Architecture

IP Address: 1.2.3.4 Host: amf@abc....

VM-1

VM-2

AMF/SEAF

UPF

OS

…….

OS

IP Address: 1.2.3.4 Host: upf@abc....

Virtualization Layer (Hypervisor) Figure 20.19  Illustration: virtualization with virtual machines.

Virtual NFs consist of the different NFs of 5GC on top of the virtual infrastructure layer. As an example, the UDM, similar to Home Location Register (HLR), may be provisioned with more storage capacity than the other NFs. AMF and SMF may be provisioned with more CPU cores to handle a large number of signaling messages. Similarly, multiple instances of the UPF can be deployed to handle user plane traffic for different use cases or network slices and multiple data networks. –– Virtual Machine (VM) A physical desktop or server contains physical computing hardware resources. As mentioned above, the hypervisor creates a virtualized computing facility by providing virtualized or logical resources, i.e. processor, memory, network, and so on, to the different NFs. Such a virtualized computing facility is called a VM that behaves like a physical machine. Each VM can be assigned an IP address, a name with an FQDN. Depending on the requirements, different applications or NFs can be run on different VMs. A VM can also run multiple applications or NFs, as illustrated in Figure 20.19. As the AMF and Security Anchor Functionality (SEAF) functions are co-located in 5GC, they run on the same VM-1. UPF, which handles user plane data transfer, runs on a separate VM-2. ●●

Management and Orchestration (MANO) of NFV

MANO of network slices, of a 5G network, for managing its lifecycle was described earlier in Chapter  16. Similarly, the management of NFV is also required to manage the lifecycle of its various components or layers, i.e. virtualized infrastructures, VNFs, such as its instantiations, scale-out/in, termination, and so on, by system administrators. On the other hand, an orchestration of the entire NFV ecosystem with other support systems such as operation support systems and business support systems as deployed by an operator is also required. For interoperability, open interfaces/reference points are used between the NGV MANO and other support systems. Such open interfaces/reference points are standardized by European Telecommunications Standards Institute (ETSI). As standardized by the ETSI [7, 8], an NFV framework consists of the following domains: –– VNF; –– NFV infrastructure (NFVI); and –– NFV MANO. VNF, NFVI, and MANO of an NFV framework have been described briefly in the preceding paragraphs. For more information on NFV reference architecture and its building blocks, requirements, and so on, as standardized by ETSI, refer to [7, 8].

471

472

Mobile Communications Systems Development

­Chapter Summary This chapter presented some of the fundamental aspects of the 5GC network system architecture, mainly the separation of control and user plane functionalities of a core network element into separate software-based entities; SBA, for ease of scalability; and NFVs, for creation of logical networks through network slicing. These architectures shall become the backbone for the 5GC network along with its new radio to support various use cases and services envisaged to provide through a 5G system. The architecture, logical interfaces, and protocols used by the 5GC system are different from the previous generation’s core networks. 5GC introduces the web programming and communication paradigm among its NFs in which they communicate over the HTTP which is used by different hosts also to communicate over the internet. In the previous generation core network systems, the GTP control plane (GTP-C) or other protocol, e.g. Diameter, were used for signalling communications among the network elements. However, in the 5GC, the network functions uses the newly introduced HTTP only for signaling communications among them,which is a key difference from previous generation core networks. A physical node may have been used for a network element in the previous generation’s core network, but in 5GC, several logical instances for a particular network function may be used and deployed either through a distributed or localized configuration. This further enables the 5GC to support NFVs, as well as network slicing on top of it.

473

21 5G System Low-level Design

­Introduction In Chapter 14, we presented several core aspects of the design and development of protocol layers as far as the 3rd Generation Partnership Project (3GPP) technical specifications are concerned. We covered protocol layer message formats and their data structures using which a layer-to-layer or peer-to-peer layer communication takes place among the network elements of mobile communications networks. Apart from these, all the relevant information and configuration data as required by a protocol layer are described by its concerned 3GPP TS. This chapter further presents the low-level design (LLD) requirement phase of a typical Software Development Life Cycle (SDLC) in terms of identification, the definition of logical objects, and parameters that are derived from the companion technical specifications of a protocol layer. The LLD document may be used as the basis to formally start the protocol layer software development process. This chapter begins with the 5G Core Network (5GC) service interface description and presents how a network function service interface can be designed and realized using the C++ programing language features. Then, how the network functions of the 5GC service framework can be modeled and visualized using the Unified Modelling Language (UML) in association with the C++ class diagram is presented. The usages of the C++ standard template library (STL) classes are also presented, which can be used as the data structures of the 5GC network functions and their instances. Data types of the information elements used by 5GC network function services and their application programming interfaces (APIs) are also covered in this chapter. Further, the conceptual software architecture of the Next-Generation Radio Access Network (NG-RAN) and 5GC will be also described. The definition of a profile of a network function, its services, as well as the design of the 5GC service interface through sample software code shall also be described from the LLD point of view.

21.1 ­Design of 5GC Service Interface and Its Operations As described in Chapter  20, in 5GC service-based architecture framework, a network function exposes its services and operations to other network functions through different service interfaces. Each network function provides several services and their interfaces through which a consumer network function consumes different services. For example, the Network Repository Function (NRF) provides services – nnrf-nfm and nnrf-disc – for network function management and discovery services to other consumer network functions. Further, a network function service interface provides service operations, in terms of request and response procedure, under it.

Mobile Communications Systems Development: A Practical Introduction to System Understanding, Implementation, and Deployment, First Edition. Rajib Taid. © 2021 John Wiley & Sons Ltd. Published 2021 by John Wiley & Sons Ltd.

474

Mobile Communications Systems Development

As far as the design, development, and implementation of a network function and its service interfaces and its operations are concerned, C++ programming language features such as the abstract class and inheritance can be used, as described in the next section.

21.2 ­Design of 5GC NF Service Interface Using UML and C++ Class Diagram The 5GC network function (NF) service interfaces and their operations can be modeled and visualized using the general-purpose UML. A UML model consists of several diagrams using which the structure and behavior of a system can be prepared. One such diagram is the class diagram which consists of different classes, representing the different aspects or entities or functional building blocks of a particular system along with the appropriate relationship and interactions among the classes. Such diagrams are drawn with proper nomenclatures which are part of a UML modeling technique. Thus, using a UML class diagram, a simplified software system design blueprint for the entire 5GC network functions, their instances, services, operations, and interactions can be modeled. Such a representational model would help in visualizing the entire 5GC and its expected behavior and also provides enough relevant information to a developer. Correct modeling of a system using the UML method is important, as it would lead to its proper implementation as well as achieve the expected system behavior at the end. Different network functions are the building blocks for the 5GC service-based network architecture. Such a building block or a network function can be represented through a C++ class. Also, an instance of a network function can be represented through an instance of the corresponding network function class. Further, the service interfaces and their operations of a network function can be designed and realized by using the central features of the C++ programming language. One such feature is the usages of abstract class along with pure virtual functions in it. Such abstract classes can be modeled and defined to realize each service interface, and its operations, exposed by a particular network function. A consumer network function can consume such interfaces and their services by deriving/inheriting itself from the interested abstract classes which provide the desired services. For example, consider the NRF network function which acts as the registration and authorization server in 5GC service-based architecture framework. Every network function is required to register with as well as authorized by the NRF. The interfaces for the network function management and discovery services provided by NRF can be designed using the C++ abstract classes – Nnrf_NFManagement and Nnrf_NFDiscovery – with their service operations such as the register, update, deregister, and discover, which can be declared as pure virtual functions in it. Other network functions and their classes can derive themselves from these abstract classes of NRF. The derived/inherited classes of the other network functions shall implement the virtual functions of the abstract base classes of NRF along with network function-specific functions/information elements. Using the UML class diagram nomenclature, the design and usages of C++ abstract classes to implement service interfaces of NRF are illustrated in Figure 21.1. A UML class diagram contains the class name, attributes, and methods, e.g. service operations. Further, other derived classes of network functions, such as Access and Mobility Management Function (AMF), and Session Management Function (SMF) can also define and implement network function-specific tasks such as initialization and startup procedure, as illustrated in Figure 21.1. Note that the inheritance or “is a” relationship that exists between the base class and its derived classes are also shown in Figure 21.1. Each network function of the 5GC service-based framework provides certain services to other network functions. Figure 21.2 illustrates the “Has-a” relationship, with cardinality 1 and 1..*, between network function and its service class using the composition diagram of UML. A UML composition and “Has-a” relationship are represented through a filled “diamond”; Figure 21.2. C++ classes with appropriate relationships, such as is-a, and has-a, among them are required to be modeled and defined through UML to represent various resources of the 5GC service-based architecture framework. A

5G System: Low-level Design

NRF Services Nnrf_NFDiscovery

Nnrf_NFManagement –Attributes +virtual void NFRegister () =0

Abstract Base Class

: –Attributes +virtual void NFDiscovery ()=0; +virtual ~Nnrf_NFDiscovery();

+virtual ~Nnrf_NFManagement is a Inheritance

is a Inheritance

class Other-NF: public Nnrf_NFManagement, Nnrf_NFDiscovery –Attributes +NFRegister();// Implement base class virtual function +NFDiscovery ();//Implement baseclass virtual function +init(); //e.g Network Function (NF) Specific initialization tasks +start();//e.g. Network Function (NF) Specific start procedure ~destructor();//Implement class destructor Figure 21.1  Illustration: design of NF service interface using UML/C++ class diagram.

Network Function Attributes Operations

1

1..* Composition

Network Function Service Attributes Operations

Figure 21.2  Illustration: UML composition with “Has-a” relationship class diagram relationship.

proper representational relationship between the participating classes is important for the expected behavior of the concerned network functions at runtime. Also, appropriate data structures shall be required to be selected to store the objects of different classes as modeled and designed using the UML and C++ class diagram illustrated above. The selection of an appropriate data structure is important from the performance point of view also for each of the 5GC network functions. One such data structure which is called the Standard Template Library (STL) is described below.

21.3 ­Usages of C++ Standard Template Library (STL) For faster LLD and implementation of the different network functions of the 5GC service framework architecture, the STL of the C++ programming language can be used. STL is a set of C++ template classes that comprise containers, algorithms, and iterators. An STL container is nothing but a C++ object that stores information of a logical or physical object. STL template classes are generic and provide common and powerful data structures and operations for ease of storage, retrieval, i.e. search, and update of information of user-defined data types such as C- structures or C++ classes. STL template classes can be also used to store information on standard data types

475

476

Mobile Communications Systems Development

such as integer and string. Thus, by using C++ STL, a considerable portion of the overall time and effort required to develop the 5GC network functions can be saved. STL provides different kinds of containers, in terms of data structures, such as the list, vector, set, map, and multimap, using which data of a user-defined or standard type can be stored. Each one of these data structures stores information in a different way and also provides different functionalities/operations to manage, navigate, and retrieve the stored information. Depending on how data is stored in memory, an STL container can be sequential, e.g. array, or associative, i.e. key-value, in nature. An appropriate container shall be required to be chosen accordingly. Usages of STL containers are especially helpful as far as the runtime growing memory requirements for storing of information are concerned. For example, consider an array. The size of the array is fixed, which is determined at compile time, and there is no provision for its size to grow during the runtime of a program. STL, on the other hand, takes care of such runtime growing memory requirements and adjusts/manages the size of a particular data structure automatically, which is used to store information of logical or physical objects. STL algorithms can be used for different purposes, such as the sorting, searching, count, find, maximum, and minimum, on the information stored in container classes. Such algorithms are becoming handy and helpful at different times of operation of a network function. An STL iterator is like a pointer using which navigation through a collection of objects stored in a container can be performed. Further, using an iterator, an STL algorithm can update or manipulate the data stored in container classes and its object which is being pointed by the iterator. The usage of STL classes to store 5GC network functions is illustrated later in Section 21.5.

21.4 ­Software Architecture for 5G System Software architecture, organization, execution model, i.e. pipelining, run-to-completion, and choice of a platform for design and developments of a mobile communication system were described earlier in Chapter 18. In this section, a brief on the software architecture for the 5G system shall be described further, considering its overall system architecture.

21.4.1  NG-RAN Logical Nodes Software Architecture As described earlier in Section 16.4, the NG-RAN architecture contains logical nodes in terms of one central unit (CU) node, i.e. gNB-CU-CP, and multiple gNB-CU-UP nodes and multiple distribution units (DU) nodes. Multiple instances of a gNB-DU as well as gNB-CU-UP nodes, can be run to serve one or multiple cells by a gNB. The CU node performs control plane-related functions and procedures, whereas the DU nodes perform the user plane functions and procedures such as User Equipment (UE) scheduling, resource allocation, and data transfer. Based on the above logical nodes of an NG-RAN, a prototype of its software system may be developed and simulated to test the performance of such architecture. The NG-RAN/gNB software system architecture will comprise the following groups: ●●

●● ●●

Centralized control plane group consisting of the Radio Resource Control (RRC) and Packet Data Convergence Protocol (PDCP) layer; Centralized data plane group consisting of the Service Data Application Protocol (SDAP) and PDCP layer; and DU group consisting of the Radio Link Control (RLC), Medium Access Control (MAC), and physical layer.

Between two logical groups, the communication shall take place based on the defined interfaces, i.e. F1 or E1, between them, as described earlier in Section 16.4. Between two protocol layers, the communication shall take place through Service Access Point (SAP). Several aspects of the software architecture of NG-RAN and its logical nodes are described below:

5G System: Low-level Design

CPU Core Assignments Deployment hardware platform-wise, an embedded system with a multicore processor will be more suitable for design development and deployment of an NG-RAN. On an embedded system with a multicore processor, an NG-RAN system designer can take full control of the functionalities provided by its software development kit (SDK) in terms of allocation and management of various hardware resources, i.e. cores, memory, registers, interrupts, network interfaces special hardware units, coprocessor, and so on. On a multicore processor board, CPU core assignments can be made based on the following factors at a high level:

●●

–– Control plane path –– Data plane path –– NG-RAN slice specific To support different network slices, the available DU cores may be further partitioned into NG-RAN slice-specific cores. Figure 21.3 illustrates a conceptual software system architecture for the NG-RAN and its 3GPP standardized slices of a 5GS for its realization on an embedded system with a multicore processor. Only a few cores are illustrated. There are commercial multicore processors with 16, 32, or 64 cores. An NG-RAN system can be designed and developed accordingly.

NG-RAN Multi-core Processor CU

Control Plane …… OS

gNB-CU-CP

gNB-CU-UP

gNB-CU-UP

Core: 0

Core: 1

Core: 2

Core: 3

……

gNB-DU

Core: 4

Core: 5

Core: 6

DL

UL

DL

UL

mIoT

gNB-DU

URLLC

gNB-DU

DL

……

UL

Data Plane

DU

eMBB

IP

IP

Packet Exchange

Packet Exchange

BTS

BTS

Packet Exchange

BTS

Figure 21.3  Illustration: software prototype architecture and cores assignment to logical units of NG-RAN slices of 5GS.

477

478

Mobile Communications Systems Development

Capacity sizing/dimensioning of Radio Network (RNW) resources of a base station has a close relationship with the available core counts of a multicore processor. RNW resources may be physical objects such as Physical Resource Block (PRB), a base transceiver station (BTS), a trans-receiver (TRX), a timeslot, or a logical object such as a Virtual Resource Block (VRB). RNW resources are also identified from the related technical specifications of NR air interface protocol layers, e.g. RRC layer TS 38.331 [116] and physical layer 38.21x series. An RNW resource may be identified through a suitable parameter name. Typical capacity sizing of all the RNW parameters may be considered while designing the NR air interface control plane and data plane paths, and the number of cores is allocated accordingly for transmission and reception of packets between UE and NG-RAN and vice versa. Example 21.1 illustrates the typical sizing and allocation of maximum capacity of radio network resources to the per core of a CPU.

Example 21.1  Radio Network (RNW) Resources Sizing and Cores Allocation As an example, the maximum number of RNW resources to be handled by a core to process air interface user packets in uplink and downlink directions may be dimensioned as illustrated below: a)  Maximum number of physical resource blocks in the NR: NPRB = 275 (table 5.3.2-1, TS 38.104 [103]); b)  Maximum number of subcarriers: NSC = 3300 (NPRB x12); c)  Maximum number of gNB-DU cores: NCORE = N (as per availability of cores on processor); d)  Maximum number of PRB per gNB-DU core: NPRBCORE =  NPRB/NCORE; e)  Maximum number of subcarriers per gNB-DU core: NSCCORE =  NSC/NCORE; f)  Maximum number of TSLs per gNB-DU core: NTSLCORE = 10 *32 = 320 for SCS: 480 KHz.

Above typical sizing, parameters are to be used during the software design and implementation phase to create necessary logical objects for each physical (e.g. a TRX representing a subcarrier) or logical (e.g. VRB) resource so that a gNB supports the maximum system capacity being dimensioned. Allocating more RNW resources, to process by a core, than the typical maximum sizing/dimensioned limits as illustrated above would be reported as an error. Accordingly, processor cores will be required to be allocated based on an actual RNW resource being provisioned in a particular gNB. ●●

Performances

Performances of the prototype design of an NG-RAN and its logical nodes can be simulated and measured against expected benchmarks. Typical benchmarks to be evaluated can be as follows: –– End-to-end latency in the control plane, data plane, resources assignments –– Maximum theoretical data throughputs, and so on, per network slice Further information on the minimum technical performance requirements in the case of the 5G system as defined by the International Telecommunication Union—Radio communications sector (ITU-R) can be found in their report ITU-R M.2410. For example, the IMT-2020 vision [9], as defined by the ITU-R, has the requirements for the 5G New Radio (NR) system to support a peak data rate of 20 Gbps in downlink and 10 Gbps in uplink for a UE. The theoretical maximum data throughput to be supported by the 5G NR can be simulated and computed based on the combinations of the following factors, as described in TS 38.306 [112]: 1) A maximum number of component carriers (#16) in case carrier aggregation is used 2) Scaling factor 3) Number of layers 4) Modulation and coding scheme 5) Different subcarrier spacings

5G System: Low-level Design

6) Different operating frequency bands for FR1 and FR2 7) Transmissions bandwidth from 5 to 400 MHz 8) Overheads due to various reference signals ●●

Runtime Choices

An SDK of a multicore embedded system may provide different runtime choices also to run applications differently. Each runtime choice may have different overheads in terms of processor time, memory requirements, and so on. Accordingly, an appropriate runtime choice may be selected for a particular network function depending on its nature and role. For example, an instance of gNB-DU can be just run as a standalone instance on a particular core. An instance of gNB-CU-CP can be run along with an operating system on a particular core. Alternatively, an application per core may be also run. A standalone application will run faster than the application being run with an operating system as there will be overhead associated with scheduling by the operating system. Accordingly, a system designer can partition and assign the available cores to different logical units of NG-RAN as mentioned above. ●●

Event-Driven Vs. Interrupt-Driven Packet Processing

Further, information packet processing by a core may be based on either an event-driven or polling-based or interrupt-driven method. An event-driven or polling-based method of packet processing is more efficient than the interrupt-driven method. In the case of the polling method, a core executes and completes a task when it is available; when there is no work to do, a core keeps looking or looping for a work. In the case of the interrupt-driven method of packet processing, there may be a time delay between the arrival of a packet and its actual time of notification to a core. Accordingly, an appropriate runtime packet processing method may be used for a particular core.

21.4.2  5GC Software Architecture As described earlier in Section 20.2, a 5GC is built on the service-based architecture which consists of multiple network functions as well as multiple instances of a network function that can be run to meet the requirements of different use cases and network slices of 5GS. For example, separate SMF may be run for each network slice. Similarly, separate UPF may be run to transfer user traffic between a UE and its data network. Figure  20.18 shown earlier illustrates the software system architecture of the 5GC for its realization on a virtualized hardware platform with a multicore processor. Here, more cores are assigned to handle user plane data traffic at the 5GC end. The UPF network function, i.e. application software, is being run on 4 cores, resulting in a parallel packet processing to transfer user plane data or to provide redundant transmissions paths for user plane data, i.e. duplicating the user plane data of a PDU session of a service that belongs to a use case such as an Ultra Reliable and Low-Latency Communications (URLLC) service. Good software architecture and design should provide more scalability, represented by dots in Figure 20.18, in terms of provisioning of adding more cores, to meet growing demands of high data throughput requirements or provision of new services over time. If a prototype simulation result does not meet the expected performances of the NG-RAN or 5GC, the overall software architecture along with their core assignments must be revisited as part of an iterative system design round or process on a given multicore platform.

21.5 ­Data Types Used in 5GC SBI Communications In this section, typical data types used in 5GC services-based interface (SBI) communications shall be covered. As part of 5GC service-based architecture, network functions communicate with each other through their service interfaces and their APIs over the HTTP. Network functions and their application protocol-specific information

479

480

Mobile Communications Systems Development

are passed as a payload over the HTTP. Such application protocol-specific communications which are made through network function service APIs contain information elements of different types. Data types of information elements and their contents, used by each service API and its operations, are described pretty clearly by the corresponding technical specification. In general, the type of information element or data passed using an API for a particular service operation is classified into the following categories: –– Simple, primitive, or basic data types such as the integer, Boolean, and string type; –– Enumeration type: Usages of enumeration type over preprocessor using #define are preferred as the compiler can perform a data type check over an enumerated data; –– Structured type, which can contain simple, enumerated type also. Protocol information, such as UE context, mobility and session context and network function instance profile, is packed into a structured type and passed as a payload through HTTP from a source to a destination network function. Common data types for information elements used in the 5GC service framework API-based communications are defined in the 3GPP TS 29.571 [78]. Such simple or primitive data types used in the 5GS conform to the open API standard specification. In addition to this, the data types for other information elements that are specific to a particular network function service/API are defined by the corresponding technical specification, i.e. 3GPP TS 29.5xx [78] series. For data types that are readily available and defined by such technical specifications can be converted into an LLD for their implementation through a computer program. Definitions of such data types are illustrated below, starting from the simple or primitive type, in the form of sample software code. To illustrate the 5GC NF service interface design using the C++ class diagram shown in Figure 21.1, the definition of abstract classes and their usages are also provided through sample software code. ●●

Type definition of some of the simple data type for generic usages typedef typedef typedef typedef typedef typedef typedef

●●

string Mnc, Mcc; string Uri; unsigned integer Uint32; string Ipv4Addr, Ipv6Addr; string Bytes , Binary. String Date, DateTime. Unsigned integer PduSessionId

Definition of common enumeration data type

/* Define the enumeration type for the status of a network function and its services */ enum NFStatus_NFServiceStatus{REGISTERED,SUSPENDED,UNDISCOVERABLE}; /*Define the enumeration type for UE PDU session creation request type */ enum RequestType {"INITIAL_REQUEST","EXISTING_PDU_SESSION","INITIAL_EMERGENCY_ REQUEST","EXISTING_EMERGENCY_PDU_SESSION"}; /*Define the enumeration type for UE PDU session update, i.e. modification, release and so on, request type */ enum RequestIndication {"UE_REQ_PDU_SES_MOD","UE_REQ_PDU_SES_REL","PDU_SES_ MOB","NW_REQ_PDU_SES_AUTH","NW_REQ_PDU_SES_MOD","NW_REQ_PDU_SES_REL","EBI_ ASSIGNMENT_REQ"}; /*Define the enumeration for different types, i.e. 21, of network functions */ enum NFType{NRF,UDM,AMF,SMF,AUSF,NEF,PCF,SMSF,NSSF,UDR,LMF,GMLC,EIR_5G,SEPP,UP F,N3IWF,AF,UDSF,BSF,CHF,NWDAF}; /*Define the enumeration type for different services, around a total of 32, of each network functions. Refer to table 6.1.6.3.11-1, TS 29.510 [76] */

5G System: Low-level Design

enum NFService{NNRF_NFM, NNRF_DISC,……………..}; /*Define the enumeration type for URI scheme */ enum scheme {http, https); ●●

Definition of a public land mobile network

/*Public Land Mobile Network: used in GSM, GPRS, UMTS, LTE and 5G system */ typedef struct /* Definition of a PLMN structure */ { Mnc mobile_country_code; Mcc mobile_network_code; } plmn_type; ●●

Definition of structure – problem details – that can be used as a data type to report HTTP error cause code and its reason

typedef struct {//TS 29.571 [78] string param; string reason; }InvalidParameter;//Structure for Invalid Parameter typedef struct {//TS 29.571 [78] string type; string title; Uint32 status; string detail; string instance; string cause; InvalidParameter InvalidParam; } ProblemDetails; //Structure for ProblemDetails report ●●

Definition of a NFProfile structure, containing some of the Information Elements (IEs) of a network function profile, which is used as part of network function management service; refer to TS 29.510 [76].

typedef struct {//Beginning of Definition of Network Function Profile Structure string nfInstanceID; NFType nfType; NFStatus nfStatus; string nfInstanceName; UINT32 heartBeatTimer; PlmnId plmnList[]; Fqdn fqdn; // fqdn is a string type Fqdn interPlmnFqdn; Ipv4Addr ipv4Addresses; Ipv6Addr ipv6Addresses; NFService nfServices[]; ....... //Define the common helper member functions to set/read the IEs of a Network function Profile

481

482

Mobile Communications Systems Development

void SetnfInstanceID(string nfinstanceid) {//For Register/Deregister/Update a NF instance nfInstanceID = nfinstanceid; ............. }///// void SetNFType(NFType nftype) { nfType = nftype; ............. }//////// void SetNFStatus(NFStatus nfstatus) { nfStatus = nfstatus; ............. }/////// void SetnfInstanceName(string nfinstnacename) { nfInstanceName = nfinstnacename; ............. }///// void SetHeartBeatTimer(string nfHeartbeattimer) { heartBeatTimer = nfHeartbeattimer; ............. }///// typedef struct {//Beginning of Definition of Network Function Profile Structure string nfInstanceID; NFType nfType; NFStatus nfStatus; string nfInstanceName; UINT32 heartBeatTimer; PlmnId plmnList[]; Fqdn fqdn; // fqdn is a string type Fqdn interPlmnFqdn; Ipv4Addr ipv4Addresses; Ipv6Addr ipv6Addresses; NFService nfServices[]; ....... //Define the common helper member functions to set/read the IEs of a Network function Profile void SetnfInstanceID(string nfinstanceid) {//For Register/Deregister/Update a NF instance nfInstanceID = nfinstanceid; ............. }/////

5G System: Low-level Design

void SetNFType(NFType nftype) { nfType = nftype; ............. }//////// void SetNFStatus(NFStatus nfstatus) { nfStatus = nfstatus; ............. }/////// void SetnfInstanceName(string nfinstnacename) { nfInstanceName = nfinstnacename; ............. }///// void SetHeartBeatTimer(string nfHeartbeattimer) { heartBeatTimer = nfHeartbeattimer; ............. }///// //..continued from previous page.. void SetServicesName(NFService Services[]) {//list of services prvided by a network function nfServices = Services; ............. }///// }NFProfile;//End of Definition of Network Profile Structure ●●

The definition of an NFService structure containing some of the IEs of a network function service instance, which is used as part of the network function profile defined above, is defined below. Like the NF profile, each NF service instance is assigned a unique instance identifier, which is also a Universally Unique Identifier (UUID). Refer to TS 29.510 [76] for more details on IEs of the NFService structure.

typedef struct {//Beginning of Definition of Service Instance Structure string serviceInstanceId; ServiceName serviceName; NFServiceVersion versions; UriScheme scheme; NFServiceStatus nfServiceStatus; ....... //Define the common helper member functions to set/read the IEs of a Network function Profile void SetnfServiceInstanceID(string nfServinstanceid) {//For Register/Deregister/Update a NF instance serviceInstanceId = nfServinstanceid; ............. } NFService; //End of Definition of NF Instance Structure

483

484

Mobile Communications Systems Development

typedef struct {//Beginning of Definition of Service Instance Structure string serviceInstanceId; ServiceName serviceName; NFServiceVersion versions; UriScheme scheme; NFServiceStatus nfServiceStatus; ....... //Define the common helper member functions to set/read the IEs of a Network function Profile void SetnfServiceInstanceID(string nfServinstanceid) {//For Register/Deregister/Update a NF instance serviceInstanceId = nfServinstanceid; ............. } NFService; //End of Definition of NF Instance Structure typedef struct {//Beginning of Definition of Service Instance Structure string serviceInstanceId; ServiceName serviceName; NFServiceVersion versions; UriScheme scheme; NFServiceStatus nfServiceStatus; ....... //Define the common helper member functions to set/read the IEs of a Network function Profile void SetnfServiceInstanceID(string nfServinstanceid) {//For Register/Deregister/Update a NF instance serviceInstanceId = nfServinstanceid; ............. } NFService; //End of Definition of NF Instance Structure ●●

Definition of a SubscriptionData and NotificationData structure, containing the IEs of an event subscribed by a network function, which is used as part of network function management service; refer to TS 29.510 [76]

typedef struct { Uri nfStatusNotificationUri; //Uri is a string type ....... }SubscriptionData;//End of Definition of Network Profile Structure //Define a NotificationData structure containing the status of Network function. Refer to TS 29.510 [76] typedef struct { NotificationEventType event; //NotificationEventType is enumeration type }NotificationData;//End of Definition of Network Profile Structure

5G System: Low-level Design ●●

Definition of abstract class – Nnrf_NFManagement – as the pure interface for the network function management service of NRF; refer to TS 29.510 [76]. The abstract class Nnrf_NFManagement declares pure virtual functions such that they can be used as an interface to access the network function management service of NRF by other network functions. The virtual functions shall be implemented by the derived classes of the respective network functions. Note that NF instance-specific parameters, e.g. UDRInfo, AUSFInfo, and UDMInfo, are to be defined at the derived class of a particular network function. Some typical helper member functions, e.g. get and set, to read/write general/ mandatory parameters of NF Instances are also illustrated through sample code below:

class Nnrf_NFManagement //Abstract Class for NF Management Service of { //Pure virtual functions for Request operation only. public: virtual void NFRegister(NFProfile nfProfile)=0; virtual void NFUpdate(NFProfile nfProfile)=0; virtual void NFDeRegister(string nfInstanceid)=0;

NRF

virtual void NFProfileRetrieval(string nfInstanceid)=0; virtual void NFStatusSubscribe(SubscriptionData subscriptionData)=0; virtual void NFStatusNotify(NotificationData notificationData)=0; virtual void NFStatusUnSubscribe(string subscriptionid)=0; };//End of Nnrf_NFManagement ●●

Definition of abstract class – Nnrf_NFDiscovery – as the pure interface for the network function discovery service of NRF; refer to TS 29.510 [76]. NF instance-specific parameters are to be defined at the derived class of the specific network function.

class Nnrf_NFDiscovery { //Define the IEs used by the Network Function Discovery Service of NRF. Refer to TS 29.510 [76]. protected: NFType targetNFtype; NFType requesterNFtype; NFProfile nfProfile[]; //Pure virtual functions: Request/Response public: virtual void DiscoveryRequest(NFType targetnftype, NFType reqNFtype)=0; virtual void DiscoveryResponse(NFProfile nfprofile[])=0; ............. void SetTargetNFType(NFType nftype) {//For discovery of a NF instance targetNFtype=nftype; ............. }//// void SetRequestingNFType(NFType nftype) {//For discovery of a NF instance requesterNFtype=nftype;

485

486

Mobile Communications Systems Development

............. }/// };//End of Nnrf_NFDiscovery ●●

Definition of abstract class – Nnrf_AccessToken – for access token allocation service of NRF to other network function; refer to TS 29.510 [76].

class Nnrf_AccessToken { //Defining the Mandatory and Conditional IEs of Access Token //Request/Response used by the Network Function Access token Service protected: AccessTokenReq accessTokenReq; AccessTokenRsp accessToken;//contains JSON Web Token //Pure virtual functions public: virtual void AccessTokenRequest(AccessTokenReq accessTokenRequest)=0; virtual void AccessTokenResponseAccessTokenRsp accesstoken )=0; void SetAccessTokenRequesting(AccessTokenReq token) {//For authorization of a NF instance accessTokenReq= token; ............. }// };//End of Nnrf_AccessToken The NRF abstract classes – Nnrf_NFManagement, Nnrf_NFDiscovery, and Nnrf_AccessToken – defined above can act as the service interfaces for the other network functions of 5GC. Consider that the Access and Mobility Management (AMF) network function desires to use the different services of NRF and their operations through these interfaces. To accomplish this, an AMF class can be derived from these abstract base classes, as illustrated below: class AMF: public Nnrf_NFManagement, Nnrf_NFDiscovery, Nnrf_AccessToken { private: //Define AMF specific member variables/IEs string nfProfile.nfInstanceID; public: //Implement the virtual functions outside the class void NFRegister(NFProfile nfProfile); void NFUpdate(NFProfile nfProfile); void NFDeRegister(string nfInstanceid); void NFProfileRetrieval(string nfInstanceid); void NFStatusSubscribe(SubscriptionData subscriptionData); void NFStatusNotify(NotificationData notificationData); void NFStatusUnSubscribe(string subscriptionid); void DiscoveryRequest(NFType targetnftype, NFType reqNFtype); void DiscoveryResponse(NFProfile nfprofile[]); void AccessTokenRequest(AccessTokenReq accessTokenRequest); void AccessTokenResponseAccessTokenRsp accesstoken);

5G System: Low-level Design

............. Virtual ~AMF(); void initialization (…);//Initialize AMF NF void startAMF(…);//start the NF //Declare AMF specific member functions }; The AMF class implements the above virtual functions, i.e. NRF services operations, in actual, as illustrated below: //NRF: NF Management Service and its operations- Only Request Part void AMF::NFRegister(NFProfile nfProfile) { nfProfile.nfInstanceID=GenerateUUID();//External function to generate UUID and assigned to NF instance ID nfAMFInstanceID = nfProfile.nfInstanceID; ............. //CALL HTTP PUT passing the nfProfile } //Update an AMF instance to NRF void AMF::NFUpdate(NFProfile nfProfile) { ............. //CALL HTTP PUT passing the nfProfile } //DeRegister an AMF instance from NRF void AMF::NFDeRegister(string nfInstanceid) { ............. //CALL HTTP DELETE passing the nfInstanceid of Network function instance } //Retrieve an AMF instance from NRF void AMF::NFProfileRetrieval(string nfInstanceid) { ............. //CALL HTTP GET passing the nfInstanceid of Network function instance } //Subscribe events to be notified from NRF void AMF::NFStatusSubscribe(SubscriptionData subscriptionData) { ............. //CALL HTTP POST passing the subscriptionData containing the event } //Process Subscribed events notified from NRF void AMF::NFStatusNotify(NotificationData notificationData) { ............. //Process Subscribed events notified from NRF using the HTTP POST }

487

488

Mobile Communications Systems Development

//Cancel subscription of an event subscribed earlier to NRF void AMF::NFStatusUnSubscribe(string subscriptionid) { ............. //CALL HTTP DELETE passing the subscriptionid of subscribed event } /////NRF NF Discovery Service and its operations void AMF::DiscoveryRequest(NFType targetnftype, NFType reqNFtype) { ............. //CALL HTTP GET to discover the Network functions instances and their services offerings } void AMF::DiscoveryResponse(NFProfile nfprofile[]) { ............. //Process the network functions instances and their services offerings returned by the NRF } /////NRF NF Access Token Allocation Service and its operations void AMF::AccessTokenRequest(AccessTokenReq accessTokenRequest) { ............. //CALL HTTP POST to make Access Token Request to the NRF } void AMF::AccessTokenResponse(AccessTokenRsp accesstoken) { ............. //Process the Access token returned by the NRF } ●●

Usages of STL container to store network function information

As mentioned briefly earlier in Section 21.2, STL provides different types of data structures to store, update, and retrieve information efficiently with runtime memory management of its own. Consider the STL associative container map for storing of network function profile and network function instance. The following structure/C++ classes were defined earlier. –– NFProfile, a C-structure containing information of a network function profile –– NFService, a C-structure containing information of a network function service –– AMF, a C++ class representing the AMF network function The network function information mentioned above can be stored through a map data structure, which is an associative container provided by the STL, as illustrated below: void storeNF(string nfInstanceID,…..)//Store NF instances in map { map< nfInstanceID, NFProfile> nfProfile;//declare map container map::iterator itr; //declare map iterator NFProfile abc;

5G System: Low-level Design

abc.nfInstanceID=nfInstanceID;//UUID ............. nfProfile[abc.nfInstanceID]=abc; //store NF profile: abc in STL map for (itr= nfProfile.begin(); itr!= nfProfile.end(); ++itr) { cout nfAMF;//declare map container: nfAMF AMF abc;//instantiate AMF NF instance Abc.nfAMFInstanceID =”12345……abcd”; //UUID nfAMF[Abc. nfAMFInstanceID]=abc; //store AMF NF instance: abc in map In the typical illustration shown above, the network function instance identifier, i.e. nfInstanceID or nfAMFInstanceID, is being used as the key for the value of user-defined type NFProfile or AMF. These user-defined types are stored in the respective STL map container, i.e. nfProfile or nfAMF. The usages of an iterator of the map container are also illustrated to navigate through the collection of network function instances and print the instance identifiers. Similarly, each service provided by a network function has its service instance identifier. The service instance identifier serviceInstanceId is being used as the key for the value of user-defined type NFService being stored in its STL map container nfService, as illustrated below: map< serviceInstanceId, NFService> nfService;//declare map container NFService abc; Abc.serviceInstanceId=”12345……abcd”; //UUID nfService[Abc.serviceInstanceId]=abc; //store NF Service: abc in map A standard/primitive data type, e.g. int., string, or user-defined value/data type, e.g. structure or class, is stored against a corresponding key in an STL map container as illustrated above. However, if an object of a class is stored in a map container, then certain overloaded operators, such as the comparison operator, equal operator, copy, and default constructors, are to be provided as part of the class definition. Providing such customized overloaded operator functions ensures the expected behavior of a network function at runtime. ●●

Definition of 5GC Quality of Service (QoS)

A QoS rule consists of, among other things, a QoS flow identifier (QFI), the number of packet filters to be used, and a list of packet filters and their purposes, i.e. create, delete, or modify a QoS rule. A QFI identifies a QoS flow description that contains the QoS-related parameters, as illustrated below: /* Refer to TS 24.501 [47] */ #define 5GS_MAX_SESSIONS 0XFF /*----Define QoS rule identifier--- */ #define QRI 0x0 /* No QoS identifier Assigned */ #define QRI1 0x1 .................... #define QRI255

0xFF

/*---Define QFI----------------------*/ #define QFI 0x0 /* No QFI identifier Assigned */ #define QRF1 0x1 ............. #define QRF63

0x3F

489

490

Mobile Communications Systems Development

/*---Define Packet filters----*/ #define PFI0 0x0 ............. #define QRF15

0xF

/* --------Define 5GS PDU Session Types-- */ #define #define #define #define

IPV4_SESSION_TYPE IPV6_SESSION_TYPE IPV4V6_SESSION_TYPE EHERNET_SESSION_TYPE

0x1 0x2 0x3 0x5

Typdef struct{/* QoS flow Description */ uchar qfi;/ * QFI: 6 bits */ uchar opcode;/ * operation code: 3 bits */ uchar num_paramet;/ * number of parameters*/ qfi_param param[]; }qfi_flow_description; Typdef struct{/*define QFI parameter */ uchar param_id; uchar param_value; }qfi_param; /* define param_id */ #define 5QI 0x1 #define GFBR_UPLINK 0x2 ............. #define ●●

EPS_BEARER_ID 0x7

Network slice-related definitions

/*Define Network Slice Type and Value: TS 23.501 [40]*/ #define NS_SST_eMBB 1 #define NS_SST_URLLC 2 #define NS_SST_mIoT 3 #define NS_SST_V2X 4 /* Refer to TS 24.501 [47] */ Typedef struct{ char iei_type:4; char spare:1 char spare:1 char dcni:1; / * Default configured NSSAI indication */; char NSSCI:1; / * Network slicing subscription change indication*/ }NSI_t; /* Network slicing indication*/ #define MAX_ALLOWED_NSSAI 8 #define MAX_CONFIGURED_NSSAI 16

5G System: Low-level Design

#define SD_RESEREV 0xFFFFFF typedef struct{ string amfid;/*Associated AMF identifier */ string tac; ;/*Associated TAC */ PlmnId plmnid; ;/*Associated PLMN identifier */ char sst_type; char sd[3];/* optional */ char mapped_hplmn_sst;/* optional */ char mapped_hplmn_sd[3];/* optional */ } s_nssai_t; typedef struct{ s_nssai_t s-nssai[MAX_ALLOWED_NSSAI]; } NSSAI_allowed; typedef struct{ s_nssai_t s-nssai[MAX_CONFIGURED_NSSAI]; } NSSAI_configured; typedef strcut { char rejected_s-nssai:4; char reject_cause:4; NSSAI_allowed rejected_NSSAI; }rejected_s-nssai_t; Typedef struct{ char iei_type4; char spare:1 char spare:1 char nim:2;/ * NSSAI inclusion mode; }NSSAI inclusion mode; ●●

5G mobility management and session management-related definitions

/*Define

5G MM and SM NAS Layer messages*/

/* 5GS mobility management messages: TS 24.501 [47]*/ #define REGISTRATION_REQUEST 0X41 #define REGISTRATION_ACCEPT 0X42 #define REGISTRATION_COMPLETE 0X43 /* 5GS session management messages*/ #define PDU_SESSION_ESTABLISHMENT_REQUEST 0XC1 #define PDU_SESSION_ESTABLISHMENT_ACCEPT 0XC2 #define PDU_SESSION_AUTHENTICATION_COMMAND 0XC5 #define PDU_SESSION_AUTHENTICATION_COMPLETE 0XC6

­Chapter Summary This chapter presented some of the important aspects of the LLD requirements of 5GC functions. As described earlier in Chapter 18, the development platform, language, and tools have to be chosen depending on the requirements of a particular system and its applications. As far as the 5GC architecture and its network functions are concerned, the C++ programming language is found to be the appropriate development language for their

491

492

Mobile Communications Systems Development

implementation and realization along with a suitable modeling tool such as the UML. Using a modeling language, the expected behaviors or functionalities and interactions by a network function can be visualized through different building blocks, e.g. a C+ class diagram, object diagram, and so on with appropriate relationships among the building blocks. Services produced/exposed and consumed by a particular network function may be modeled as the operations or methods supported by the C++ class. A network function service interface may be represented through an interface provided by a C++ class. Further, a C++ class also allows code reusability, which is appropriate as far as the 5GC functions and their instances are concerned. This chapter also presented the usages of the STL, a powerful development tool/library, which reduces development time as well as provides ease of maintenance of 5GC network functions over time. A brief description of the multicore processor-based software architecture and system capacity and sizing aspects of NG-RAN and 5GC was also covered. This chapter also presented the definition of the typical profile of a network function through a sample C-structure derived from the concerned 3GPP technical specification. Design and implementation of network functions, their services, and interfaces through the abstract and derived class concept of C++ programming language were also presented.

493

22 3GPP Release 16 and Beyond ­Introduction The 5G system (5GS) has been described in Chapters 16–21 based on its first base Release 15 as defined by the 3rd Generation Partnership Project (3GPP). These chapters have attempted to provide overall concepts to the reader on the various key aspects of the 5G system, its use cases, and features such as the network slicing, network functions virtualizations, and so on, along with the architecture of its radio access network as well as the core network. Further, the protocol stacks and their different layers of the 5G New Radio (NR) air interface and core network have been described. Some of the important functions and procedures of the different protocol layers of 5G NR and their differences from the legacy Long-Term Evolution (LTE) system have also been described. In this chapter, a brief highlight of the various enhancements of existing features and the addition of new services or capabilities requirements, in terms of reliability, mobility, latency, and so on, added as part of the 3GPP Release 16 and Release 17 of the 5G system shall be described. Such enhancements and the addition of new features/capabilities spread across the different use cases as well as the radio access network and the core network of the 5G system.

22.1 ­5GS Enhancements as Part of Release 16 Some of the enhancements made, as part of 3GPP Release 16, in the existing features of Release 15 features of the 5G system are described below: ●●

●●

●●

Enhancement of the 5G core network to support enhanced Ultra Reliable and Low Latency Communications (URLLC) through redundant transmissions for high reliability, Quality of Service (QoS) monitoring, enhancement of session service continuity (SSC), and so on for new application areas or verticals. User plane redundant transmission paths may be realized in several ways, for example, by creating a redundant tunnel (N3) between the NG-RAN/gNB and a User Plane Function (UPF); or end-to-end redundant transmissions paths are created from a UE to a UPF based on UE dual connectivity; or by inserting an intermediate UPF (I-UPF) and creating redundant tunnels (N3 and N9) between NG-RAN/gNB and an I-UPF and between I-UPF and UPF. SSC was described earlier in Chapter 18. Enhancement of the physical layer to support more stringent reliability requirements for some services, such as Vehicle to Everything (V2X), under the URLLC use case. Enhancement has been introduced to the uplink and downlink control channels, physical uplink shared channel (PUSCH), and so on. Enhancement of multiple-input multiple-output (MIMO) system from increasing system capacity and multiple beam management points of view. Enhancements such as the enhanced Type-II codebook containing precoding matrix for multiuser MIMO, multiple transmission/reception point (TRP), i.e. 5G Base Station (gNBs),

Mobile Communications Systems Development: A Practical Introduction to System Understanding, Implementation, and Deployment, First Edition. Rajib Taid. © 2021 John Wiley & Sons Ltd. Published 2021 by John Wiley & Sons Ltd.

494

Mobile Communications Systems Development

●●

●●

●●

●●

transmissions, physical layer signal-to-noise and interference ratio (L1-SINR) measurement and reporting, and so on. In the NR Release 15, a User Equipment (UE) can report up to two layers as part of its Type-II Channel State Information (CSI) report to gNB, whereas the UE can report up to four layers in Release 16. As part of MIMO enhancement, a UE can expect to monitor a maximum of two Physical Downlink Control Channels (PDCCHs) (RRC IE: coresetPoolIndex) from two TRPs, i.e. gNB, for data reception over multiple PDSCHs. Similarly, UE performs beam failure recovery for a secondary cell (SCell) also. UE battery power saving by adapting dynamically, in its Radio Resource Control (RRC) CONNECTED, IDLE, and INACTIVE states, to different power saving features such as bandwidth part, usages of maximum MIMO layers, reducing of radio resources measurements, and so on. –– Enhancement of service-based architecture of the 5G core network. The enhancement allows an indirection communication mechanism, e.g. a message router, between two network functions of the 5G Core Network (5GC) through a Service Communication Proxy (SCP) network function. A 5GC consumer network function may pass on the task of the discovery of a producer network function to the SCP, which is called delegated discovery procedure within the 5GC in Release 16. In Release 15 5G core network, network functions can make direct communication with each other over HTTP. Further, the concepts of Network Function Set (NF Set) and Network Service Set, which consists of network function instances or network service instances of the same type, have been introduced as part of the 3GPP Release 16. Network function or service instances within an NF set or network service set have access to various context information, e.g. UE context information. Usage of AMF set (in Release 15) was illustrated earlier in Chapter  7/Section  7.1 and Chapter  16/ Section 16.9. 5GC was also enhanced to support better mobility of a UE whenever it moves out of its initial location. To handle such mobility requirements of UEs in a location where no user plane connectivity (i.e. N3 tunnel) exists between the serving NG-RAN/gNB and current User Plane Function (UPF), an intermediate Session Management Function (SMF) (I-SMF) and intermediate UPF (I-UPF) was added as part of the 5GC architecture in 3GPP Release 16. The I-SMF is inserted to ensure session continuity of the UE whenever the current SMF cannot control the I-UPF where the N3 tunnel terminates from the serving NG-RAN/gNB. Architectural enhancement to the 5G system to support V2X services for vehicular communications, which is already part of the legacy LTE/Evolved Packet System (EPS) system. Interworking between the 5G and LTE/ EPS for the V2X services will be also supported. Around 25 use cases of V2X vertical are being identified, such as vehicle platooning, to form dynamically a group of vehicles; vehicles coordinated communications using extended sensors for avoiding vehicle collision and traffic safety; and so on. A new network slice/service type (SST) = 4 was added as part of 3GPP Release 16 to support the V2X enhancement. Enhancement of network slicing for interworking between LTE/EPS and 5G system by enabling the 5G core Access and Mobility Management Function (AMF) network function to support all the data sessions of a UE from the source to the target system. Further, unlike Release 15, 3GPP Release 16 also allows AMF and SMF reallocation when a UE moves from LTE/EPS to the 5G system. In addition to this, an enhancement to perform per network slice-specific authentication and authorization requirement has been added. Provision for voice call continuity, through the Single Radio Voice Call Continuity (SRVCC), from the 5G NextGeneration Radio Access Network (NG-RAN) to the 3G UMTS terrestrial radio access network (UTRAN) and not vice versa will be supported. Support of the legacy SRVCC was not available in Release 15 of the 5G system. Voice call continuity from the LTE/EPS to the 3G system was described earlier in Chapter 6.

22.2 ­5GS New Features as Part of Release 16 Some of the new features for different application areas or verticals such as the industrial internet of things and electrical power distribution factory automatons that are being envisaged as part of the 3GPP Release 16 of the 5G system are described below:

3GPP Release 16 and Beyond ●●

Support for LAN-type services

5G system supports LAN-type services through a 5G network. A 3GPP Release 16-compliant 5G system would enable its operator to provide voice, data, multimedia services, beyond its Public Land Mobile Network (PLMN), to UE and its user over a local area network type of services deployed at different locations such as a resident, office, and factory. 5G LAN-type services may be deployed over the licensed as well as unlicensed spectrums. ●●

Support of the Ethernet Transport Services

5G system supports the Ethernet Transport Services for an Ethernet PDU session type. This feature is required to be supported by a UE to enable it to exchange Ethernet frames, over 5G LAN-type services mentioned above, with a device connected to an Ethernet data network. ●●

Support of industrial Internet of Things (IoT)

5G system supports industrial automation through the industrial IoT and its different use cases such as factory automation, transport, and electrical power distributions. The 5G system will support integrations and communications with such industrial time-sensitive networks (TSNs), requiring accurate time synchronization, through highly deterministic time-sensitive data packets communications, for example, between a TSN controller and TSN end device. These features impact the NR Layer 2 and Layer 3 protocol layers to support low-latency and high-reliability communications. ●●

Support of a Non-Public Network (NPN)

5G system supports NPN for private network usage purposes by an entity or organization with its dedicated resources. Such an NPN may be operated independently without relying on a PLMN. However, an NPN may be integrated with a PLMN also. A brief on the NG-RAN sharing with an NPN was described earlier in Chapter 7. ●●

Two-step Random Access Channel (RACH) procedure

5G system supports a two-step RACH procedure to reduce signaling overhead and latency in comparison to the four-step RACH procedure in the Release 15 of 5G NR. In a two-step RACH procedure, the number of signaling messages between a UE and gNB is reduced during connection setup and resume procedure initiated by UEs/ devices across the different use cases of the 5G system. ●●

Enhancement of UE mobility

5G system supports enhanced UE mobility through the Dual Active Protocol Stack (DAPS) handover procedure where a UE maintains an RRC connection with the source gNB until the UE is successfully handed over to the target gNB. DAPS is a kind of make-before-break kind of handover procedure. UE mobility enhancement in Release 16 aims to improve the performance of a handover procedure in the 5G system, especially in the highfrequency range (FR2) of NR. To improve the robustness of a handover procedure, a Conditional Handover procedure is also specified as part of the NR Release 16. ●●

NR operations in unlicensed spectrum

5G system supports its services over a shared/unlicensed spectrum also to increase capacity, by allowing the NR to operate in 5 and 6 GHz frequency bands. Currently, such unlicensed frequency bands are also used by other technologies such as the Wi-Fi communications which use the 5 GHz frequency band. Using an unlicensed spectrum, the NR can operate as a standalone system only. On the other hand, using an unlicensed spectrum, the NR can also operate in paired/anchored with a carrier on a licensed frequency band. ●●

Support of an Integrated Access and Backhaul (IAB)

5G system supports an IAB solution for the NR to provide both wireless access and backhauling connectivity between base stations. Thus, instead of using fixed fiber optics-based backhaul connectivity currently in use, the

495

496

Mobile Communications Systems Development

NR IAB can be used as an alternative and cost-efficient wireless-based backhaul solution to increase the 5G service coverages, especially through base stations using the mmWave frequencies. An NR IAB node/base station can serve normal UEs access as well as backhaul data traffic services. The NR IAB feature is realized through the split architecture of an NG-RAN, consisting of a centralized unit and distributed unit, as described earlier in Chapter 16. The IAB feature also introduces a new Layer 2 Backhaul Adaptation Protocol (BAP) layer on top of the Radio Link Control (RLC) layer. ●●

UE positioning services

5G system support for UE positioning services in NR has been added for various use cases such as regulatory, commercial, factory automation, vehicular positioning, and so on, requirements for both the outdoors and indoor deployment areas. For UE positioning purposes, a new reference signal called Positioning Reference Signal (PRS) has been added at NR physical layer in a downlink direction. In the uplink direction, the existing Sounding Reference Signal, with additional capabilities, in uplink direction is used for UE positioning purposes. ●●

Evolution of IP Multimedia Subsystem (IMS) for voice over NR

To provide voice services over the NR, the IMS has also evolved as part of the 3GPP Release 16. The IMS also supports service-based architecture(SBA) in the 3GPP Release 16 where the Proxy - Call Session Control Function (P-CSCF) and Home Subscriber Server (HSS) are discoverable dynamically through the NRF network function of the 5G core.

22.3 ­3GPP Release 17 The 3GPP Release 17 also enhances the existing features as well as introduces new features to address new applications/verticals, use cases, and so on on top of the Release 16 described above. Release 16 existing candidate features that have been identified for enhancement as part of the Release 17 are the IAB, V2X, Non-Public Network, IIoT, URLCC, UE positioning, and so on. 3GPP Release 17 introduces further evolution to the 5G system new radio (NR) by allowing the NR to operate at high frequencies (52.6–71 GHz). Release 17 also supports NR operation over Non-Terrestrial Network (NTN) and multi-SIM UEs. All such enhancements and the addition of new features are spread across the different use cases of the 5G system, i.e. eMBB, URLLC, and mIoT. For more information, refer to the Release 17 description available on the 3GPP site.

­Chapter Summary Several enhancements made on top of the 5G system baseline Release 15 as well as the new features added as part of the 3GPP Release 16 have been highlighted above. Further, some of the enhancements and new features being introduced as part of the Release 17 have been highlighted above. For more information on the complete list of enhancements and features added as part of the 3GPP Release 16 and Release 17, reading should start with the TR 21.916/917 [25] for Release 16 and Release 17 descriptions. The reader can also refer to TS 38.300 [111], Release 16 or Release 17 version, for an overview of each enhancement and feature added on top of the 3GPP Release 15 of the 5G system. Such enhancements and new features have led to the added impact to the various protocol layers as well as the system architecture of the 5G system. The changes introduced in a particular protocol layer may be studied from the corresponding change request number, for example, refer to change request # RP-200349 [151] for the affected protocol layers and their changes due to the IAB feature. TR 21.916/917 [25] mentions the technical specifications of the affected protocol layers, existing or new, or other areas of the 5G system due to the 3GPP Release 16 and Release 17. The “Change History” section of each of the affected technical specification contains the technical document (TDoc) number of the corresponding feature or enhancement added into a particular 3GPP release. Using the TDoc number, the reader can obtain further supplementary information for a particular enchantment or feature.

497

Test Yourself! ­Introductions This book has covered the various aspects of the design and development of mobile communications systems and networks drawn from the GSM, GPRS, UMTS, LTE, and 5G systems. As part of a self-assessment on the topics covered in this book, several relevant exercises are provided below to broaden the knowledge of the reader on the various aspects of the 5G mobile communication system and network. The exercises are divided into the following groups: ●● ●●

5G Mobile Communications and Systems Concepts Software Program Development Exercises –– Generic Utility and Reuseable Software –– 5G System Protocol Layer Development

A.1  5G Mobile Communications and Systems Concepts 1) What is the purpose of Protocol discriminator (PD) and Message Discriminator in the air interface Layer 3 protocol stack? Why SMS and Supplementary services have the same PD as Call Control messages? 2) The NR Physical Downlink Shared Channel (PDSCH) multiplexes the DL-SCH and PCH transport channels. How does a UE differentiate the type of data it receives through the PDSCH? 3) How does the air interface Layer 3 protocols perform routing functions among the protocol layers? 4) Why is the SCTP used, in place of TCP, for call controlling signaling purposes over IP? 5) What is the SCTP port id that is used for transporting Xn-AP messages over the Xn logical interface? 6) How does a packet encapsulation method help in routing the user data packets of a mobile user in a mobile communications network? 7) Compare FDD and TDD modes of transmission with respect to the following factors. ●● Spectrum efficiencies ●● Complexity in terms of their implementations at MAC and Physical Layer ●● Latency due to switching time requirements in TDD 8) Why are interleaved resource blocks used and allocated to a UE by NG-RAN? 9) Why is there no CBGFI flag in case of uplink HARQ-ARQ? 10) Make a comparative study of the overhead caused by different physical signals with respect to their frequency and time-domain density.

Mobile Communications Systems Development: A Practical Introduction to System Understanding, Implementation, and Deployment, First Edition. Rajib Taid. © 2021 John Wiley & Sons Ltd. Published 2021 by John Wiley & Sons Ltd.

498

Test Yourself!

11) 12) 13) 14) 15) 16) 17) 18) 19) 20) 21) 22) 23) 24) 25) 26) 27) 28)

How does a UE know whether beamforming is used in a cell? List the network slice-related information stored at UE and 5G core networks. Explain how a RAN slicing supports a network slicing. Identify the frequency bands and carrier frequencies suitable for different use cases of the 5G system. Identify the various deployment scenarios and KPIs for different use cases i.e. eMBB, mMTC, and URLLC. Refer to TR 38.913 [27]. Make a comparative study of the LTE and NR air interfaces with respect to their physical layer. Make a prototype design of NG-RAN for different use cases and network slices of 5GS. Compare the SOAP, RPC, and REST styles of API design and representation. List the HTTP methods and API URI used for services operations of different network functions. Make a comparative study of the functions and procedures performed by the 5GC AMF and LTE/EPS MME. Whys are DMRSs used in NR? Calculate the overhead associated with typical DMRSs of various physical channels in NR. Why is there no Length Indicator field in the RLC layer header? Why cannot the DMRS be used for channel sounding purposes? Compare the similarities and differences between radio link failure/radio link monitoring and beam failure and its recovery procedures. Compare the differences of RACH procedure performed by a UE during an initial cell access and during a beam failure recovery. How does the RRC_INACTIVE state reduce signaling overhead and meet low latency requirements over the NR air interface? How does the RRC layer contribute to an energy-efficient in the 5G NG-RAN base station? What is the NG-RAN paging and 5G core paging in 5G? How does a UE mobility tracking take place in RRC INACTIVE state?

A.2  ­Software Program Development Exercises This section contains several coding exercises for the development of typical utility and reuseable software that can be used across the protocol stack implementation. Protocol Layer-specific coding exercises are also provided.

A.2.1  Generic Utility and Re-Useable Software 1) Given an Information Element (IE), develop a function or a macro to extract the ●● Type(T) of the IE ●● Length(L) of the IE ●● Value(V) of the IE 2) Given an IE, develop a function or a macro to set its length field. 3) Given air interface Layer 3 message, develop a function or a macro to extract its ●● Message type or PDU type ●● Protocol Discriminator and Extended Protocol Discriminator ●● Skip Indicator ●● Transaction Identifier and Its Flag 4) Develop a function or macro to determine the length, i.e. one octet or two-octet, of an IE. 5) Develop functions or macros to extract ●● N-bits from a frame of bits ●● N-Octets from a frame of octets 6) Develop a function to generate a CRC polynomial of N-degree. 7) Develop a function or macro to extract the 4-bits or nibble from an octet.

Test Yourself!

8) Develop a function or macro to combine two 4-bits or nibbles to form an octet. For example, combine the protocol discriminator (4-bits) and the skip indicator (4-bits) to form an octet of the Layer 3 header. 9) Develop a function or macro to add and extract the N- padded bits into an octet or word. 10) Develop a function or macro to combine two 3-bits information and also add two padded bits to form an octet. For example, combine the Network Colour Code (NCC) and Base Station Colour Code (BCC), each is of 3-bits in length, used as the Base Station Identity Code (BSIC) in the GSM system. 11) Develop and define C-structures using bit-field for the following network identities: ●● A PLMN Id, consisting of {MCC (3 bits), MNC (2 bits)}. ●● IMSI of a subscriber consisting of MCC (3-bits), MNC (2-bits), and MSIN (10-bits). ●● A GUTI (Globally Unique Temporary UE Identity) of UE is allocated in the case of the LTE/EPS system. A GUTI consists of GUMMEI (MCC, MNC, MME Identifier {MME Group ID (16bits), MME Code (8-bits)}), and M-TMSI (32 bits). ●● An RAI is allocated in the case of GPRS/UMTS. An RAI consists of {MCC, MNC, LAC, and RAC}. ●● An LAI is allocated in the case of the GSM system. An LAI consists of {MCC, MNC, LAC (2 octets)}. ●● IMEI of MS. An IMEI consists of {TAC (8-bits), Serial Number (SNR) (6-bits), CD_SD (1-bit)}. ●● UMTS Core Network CS domain id (CN_CS_ID) consisting of {PLMN ID, LAC}. ●● An RNC identifier, consisting of {PLMN ID, RNC ID}. ●● An LTE/EPS Tracking Area Code, consisting of {MCC, MNC, TAC (2 octets)}. 12) Develop generic C-functions of the following categories; these utility functions can be used across the protocol layers: ●● Timer –– Start a Timer with a time reference object/structure containing the timer id, timer duration, timer callback function, and application or protocol layer id. –– Stop a Timer with the supplied timer id –– Expiry of a timer with a particular timer id ●● Counter –– Initialize and update a particular counter identifying a call processing event. –– Reset a particular counter identifying a call processing event. ●● Alarm –– Raise a particular alarm, with the inputs: alarm id, any supplementary information –– Clear a particular alarm, with the inputs: alarm id. ●● Inter-process communications between network elements or application processes –– Initialize Windows or Unix domain TCP and UDP sockets –– Write to a TCP socket –– Write to a UDP socket –– Read from a TCP socket –– Read from a UDP socket –– Write and Read a message through Message Queue –– Write and Read a message through Shared Memory 13) Develop a generic C-Function to prepare a message or a buffer containing the various parameters of messages of different protocol layers, e.g. air interface Layer 3. Input is the message type and its related IEs. 14) One common identity of an MS across the cellular systems is the IMSI. Develop a C-function to decode or encode the IMSI in a protocol message. 15) In the user plane, the application layer’s data goes through several pre-processing like compression, segmentation, and so on before it’s transmitted over the air interface. Develop a utility function that processes the application’s data and ●● Segments it, at the sender end, into N-octets before passing it down to the next layer. ●● Reassembles it before passing it to the concerned application at the receiving end.

499

500

Test Yourself!

16) Implement a Hash Table for storing, searching, and retrieving structures containing MS/UE information. 17) Implement a linked list for storing, searching, and retrieving structures containing radio network element configuration information. 18) Air interface Layer 2 protocols header/data block/PDU contains bit-level information. Develop a C-macro or function for the following. ●● Set a particular bit ●● Clear a particular bit ●● N-bit left shift ●● N-bit right shift 19) An integer random value is used during an initial access attempt made by a mobile device, for transmitting either signaling or user traffic. For e.g., in NR, an integer random value in the range 0–239 -1 is used in the RRCSetupRequest message. Develop a C-function that generates a random value in the range from 0 to 2 (Number of bits)−1. 20) Develop functions to (a) read the first octet of a message and (b) write into the last octet of a message. 21) Develop generic functions/macro for encoding and decoding the individual bits for a 32-bits identifier, i.e. XX_ENCODE_1_BIT, XX_ENCODE_2_BIT, XX_ENCODE_3_BIT, and so on. 22) Compare the relative merits and demerits of TLV, CSN.1, and ASN.1 encoding and decoding methods of protocol layer messages.

A.2.2  5G System Protocol Layer Development This section contains several coding exercises for the development of the actual logics for 3GPP-complaint 5G system Protocol layers, its functions, procedures, and algorithms. 1) Develop a C-macro to calculate the RA-RNTI associated with the Random-Access Response for a given UE in the NR system using the formula mentioned in TS 38.321 [113]. 2) Develop C-structures for the definition of the following ●● NR RLC Unacknowledged mode PDU with x-bits and y-bits sequence number. ●● NR RLC Acknowledged mode PDU with x-bits and y-bits sequence number. ●● NR MAC layer, consisting of the MAC Header, MAC control elements, and MAC Service data units. 3) The Downlink Control Information (DCI) format of the NR physical layer contains information to be used by a UE for data transmission/receptions. Refer to TS 38.212 [107] and derive the length of the individual information from its description and develop C-structures and code for the following: ●● C -structure definitions, at bit-level, to pack the various scheduling and other information under each of the DCI formats. ●● C-functions to encode/decode DCI formats. 4) The RLC layers contain several state variables for the Acknowledged Mode, Unacknowledged Mode, and Transparent mode data transmission and reception. Define and establish the relationship among the state variables in the code. 5) Develop C-function/macro to Conceal and De-Conceal a UE SUPI to SUCI. 6) Develop an IMSI hash algorithm to be used for a shared RAN under the MOCN feature; refer to TS 23.251 [37]. 7) Develop C-functions for the following NR UE MAC layer procedures: ●● Scheduling Request ●● Buffer Status Report ●● Semi-persistent Scheduling ●● Hybrid Automatic Repeat Request (HARQ)

Test Yourself!

8) Develop C-functions for the following NR UE PDCP layer procedures: ●● User data transfer over the DRB ●● Control plane data transfer over the SRB 9) Develop C-functions for the following NR UE RLC layer procedures: ●● Transparent Mode data transfer ●● Acknowledged Mode data transfer ●● Unacknowledged Mode data transfer ●● Hybrid Automatic Repeat Request (HARQ) 10) Prepare a high-level design document for the following layers: ●● MAC layer and its entity ●● RLC layer and its entity ●● Service Access Points (SAP) between RLC and MAC layers 11) Develop timer-based service routines for scheduling and transmitting the following NR air interface downlink information from the gNB to UEs in a cell. ●● Master Information Block, periodicity – every ‘X’ milliseconds ●● System Information Block – periodicity – every ‘X’ milliseconds 12) Assume that the transmission timer interval (TTI) used over the NR air interface is 1 millisecond, which is equal to 1 sub-frame in FDD/TDD mode. Develop suitable functions/procedures to process, i.e. read/write, packets every TTI from the Ethernet frame received from the underlying IP stack. 13) Consider the PDSCH channel and its transmission of an NR transport block using the MCS ‘X’ and 64QAM modulation scheme, normal cyclic prefix over a single resource block with no control channels on it. Calculate the effective channel coding rate of this transport block transmission. Remember to add a 24-bits CRC to the transport block coding. 14) List the different data types used by network function services and their operations and develop suitable data structures to represent them. 15) Develop and model the 5GC network functions using the UML class diagrams with correct relationships among them. 16) Identify the sequential and associative STL containers. Select the appropriate container which can be used as the data structures to store 5GC network functions information. 17) Develop an algorithm to generate a random number-based UUID for NF instances. 18) Develop functions for discovery and selection of different network functions. 19) Develop C-functions for generations of modulation symbols and scrambling sequences for the following physical channels: ●● PBCH ●● PDCCH ●● PDSCH 20) Develop C-functions for the encoding and decoding of DCIs. 21) Develop C-structure for BWP consisting of ●● Subcarrier Spacing ●● Number of Resource Block ●● Cyclic Prefix 22) Develop C-structure for a CORESET consisting of ●● Allocated PRB i.e. frequency domain resources ●● Duration ●● CCE to REG mapping ●● REG bundle size ●● Interleaved size ●● Shift index

501

502

Test Yourself!

23) Develop a C-structure for a PDCCH search space consisting of ●● Monitoring slot periodicity ●● Monitoring symbol ●● Number of candidates PDCCH = 2 ●● CCE aggregation level 24) Develop a C-structure to store a UE-specific PDCCH configuration. 25) Design an appropriate data structure to store a 240-by-4 matrix representing the SS/PBCH block. 26) Given the LDPC lifting size of say, 8, generate the BG2. 27) Develop suitable C-data structures to store the DMRS information, such as type, position, and length, for the following channels: ●● PDSCH, PUSCH, and PBCH 28) Design prototype NR scheduling algorithms for different use cases of 5GS. 29) Compare the pros and cons of the LDPC encoding method used for different natures of, i.e. large and small, traffic generated from the 5G use cases eMBB, mMTC, and URLLC. 30) Develop a C-function for the following: ●● Store the NSSAI and S-NSSAI, and their associated DNN list. ●● Network Slice Selection Function (NSSF). 31) Compare the different types of STL C++ container classes from their performance point of view. 32) Develop a suitable data structure to store UE PDU Session information with the following details. ●● PDU Session Identity ●● PDU Session Type ●● Network Slice Identifier (S-NSSAI) ●● Data Network Name ●● Session and Service Continuity (SSC) mode 33) Design and develop appropriate data structures to store network function profiles, at NRF, of various network functions of the 5G core. 34) Design and develop RESTful APIs for the following services provided by the 5GC NRF network function (NF) to its consumer network functions. ●● NF register and deregister ●● NF update ●● NF status subscribe ●● NF status Notify and un-subscribe ●● NF list retrieval ●● NF profile retrieval ●● Any user-defined services 35) For each of the network function of the 5G core, identify the following typical ●● Set of features supported, e.g. voice over IMS support at SMF, by a network function. ●● Mandatory, e.g SSC mode at SMF, and optional/custom features of a network function. ●● Interworking requirements, e.g. fall-back to LTE/EPS to support voice over IMS. ●● Resources management, e.g. allocate an IP address to UE. ●● Policy and Charging requirements. 36) Refer to Chapters: 10 and 11 on the alarm, fault, and performance management methods/processes used in a mobile communication network. Using these methods, design and develop appropriate functions and procedures for the following typical use cases of a Self-Organizing Network (SON), refer to TS 28.861. ●● Detection and automated recovery of cell outages, or a sleeping cell, as part of the self-healing function of a SON. ●● Traffic distribution among neighbor cells, in terms of usages of radio resources, as part of the load balancing optimizations function of a SON.

503

References All the 3GPP Technical Specifications being referred and listed below for the 5G system are based on its 1st Release 15. Other 3GPP Technical Specifications being referred and listed below for the legacy systems (GSM/ GPRS/UMTS/LTE) are based on the Release 10. 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30

www.3gpp.org www.3gpp.org/specifications/specification‐numbering www.3gpp.org/ftp/Information/WORK_PLAN/Description_Releases/ www.3gpp.org/specifications‐groups www.3gpp.org/specifications/specification‐numbering/81‐version‐numbering‐scheme. www.3gpp.org/ftp/Specs/latest ETSI GS NFV 002 Network Functions Virtualisation (NFV); Architectural Framework ETSI GS NFV 004 Network Functions Virtualisation (NFV); Virtualization Requirements https://www.itu.int/dms_pubrec/itu‐r/rec/m/R‐REC‐M.2083‐0‐201509‐I!!PDF‐E.pdf CSN.1 [www.csn1.info]; ASN, [visit: www.itu.int/ITU‐T/studygroups/com17/languages/X.690‐0207.pdf.] ITU‐T [X.691] ASN.1 Packet Encoding Rule ITU‐T Recommendation G.703 for E1 interface RFC 3095 RObust Header Compression (ROHC) RFC 3748 Extensible Authentication Protocol RFC 4122 A Universally Unique IDentifier (UUID) RFC 4815 RObust Header Compression (ROHC) RFC 4960 Stream Control Transmission Protocol RFC 5246 The Transport Layer Security (TLS) RFC 5448 Improved Extensible Authentication Protocol Method RFC 6749 The OAuth 2.0 Authorization Framework RFC 7515 JSON Web Signature (JWS) RFC 7516 JSON Web Encryption (JWE) RFC 7519 JSON Web Token (JWT) TR 21.905 Vocabulary for 3GPP Specifications TR 21.916/917 Release description; Release 16/ Release description; Release 17 TR 38.912 Study on New Radio (NR) access technology TR 38.913 Study on Scenarios and Requirements for Next Generation Access Technologies TS 22.261 Service requirements for the 5G system TS 23.002 Network architecture TS 23.003 Numbering, addressing and identification

Mobile Communications Systems Development: A Practical Introduction to System Understanding, Implementation, and Deployment, First Edition. Rajib Taid. © 2021 John Wiley & Sons Ltd. Published 2021 by John Wiley & Sons Ltd.

504

References

31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 7 6 68 69 70 71 72 73

TS 23.060 General Packet Radio Service (GPRS); Service description; Stage 2 TS 23.122 Non‐Access‐Stratum (NAS) functions related to Mobile Station (MS) in idle mode TS 23.203 Policy and charging control architecture TS 23.214 Architecture enhancements for control and user plane separation of EPC nodes TS 23.216 Single Radio Voice Call Continuity (SRVCC); Stage 2 TS 23.228 IP Multimedia Subsystem (IMS); Stage 2 TS 23.251 Network Sharing Architecture and Functional Description TS 23.272 Circuit Switched (CS) fall back in Evolved Packet System (EPS); Stage 2 TS 23.401 General Packet Radio Service (GPRS) enhancements for Evolved Universal Terrestrial Radio Access Network (E‐UTRAN) access TS 23.501 System Architecture for the 5G System TS 23.502 Procedures for the 5G System TS 23.503 Policy and charging control framework for the 5G System (5GS); Stage 2 TS 23.527 5G System; Restoration procedures TS 24.007 Mobile radio interface signaling layer 3; General aspects TS 24.008 Mobile radio interface Layer 3 specification; Core network protocols; Stage 3 TS 24.301 Non‐Access‐Stratum (NAS) protocol for Evolved Packet System (EPS); Stage 3 TS 24.501 Non‐Access‐Stratum (NAS) protocol for 5G System (5GS); Stage 3 TS 24.502 Access to the 3GPP 5G Core Network (5GCN) via non‐3GPP access networks TS 25.301 Radio Interface Protocol Architecture TS 25.331 (UMTS) Radio Resource Control (RRC); Protocol specification TS 25.401 UTRAN overall description TS 25.410 UTRAN Iu Interface: general aspects and principles TS 25.412 UTRAN Iu: Signalling Transport TS 25.413 UTRAN Iu interface Radio Access Network Application Part (RANAP) signaling TS 28.310 Management and orchestration; Energy efficiency of 5G TS 28.530 Management and orchestration; Concepts, use cases and requirements TS 28.531 Management and orchestration; Provisioning TS 28.533 Management and orchestration; Architecture framework TS 28.540 Management and orchestration; 5G Network Resource Model (NRM); Stage 1 TS 28.541 Management and orchestration; 5G Network Resource Model (NRM); Stage 2 and stage 3 TS 28.546 Management and orchestration of networks and network slicing; Fault Supervision (FS); Stage 2 and stage 3 TS 28.550 Management and orchestration; Performance assurance TS 28.552 Management and orchestration; 5G performance measurements TS 28.555 Management and orchestration; Network policy management for 5G mobile networks TS 28.556 Management and orchestration; Network policy management for 5G mobile networks; Stage 2 and stage 3 TS 29.018 Serving GPRS Support Node (SGSN) ‐Visitors Location Register (VLR); Gs interface network service specification TS 29.060 GPRS Tunnelling Protocol (GTP) across the Gn and Gp interface TS 29.118 Mobility Management Entity (MME) ‐ Visitor Location Register (VLR) SGs interface specification TS 29.244 Interface between the Control Plane and the User Plane nodes TS 29.274 Evolved General Packet Radio Service (GPRS) Tunnelling Protocol for Control plane (GTPv2‐C) TS 29.280 Evolved Packet System (EPS); 3GPP Sv interface (MME to MSC, and SGSN to MSC) for SRVCC TS 29.281 General Packet Radio System (GPRS) Tunneling Protocol User Plane (GTPv1‐U) TS 29.500 Technical Realization of Service Based Architecture

References

74 TS 29.501 Principles and Guidelines for Services Definition 75 TS 29.502 5G System; Session Management Services; Stage 3 76 TS 29.510 Network Function Repository Services 77 TS 29.518 Access and Mobility Management Services 78 TS 29.571 Common Data Types for Service Based Interfaces 79 TS 32.101 Telecommunication management; Principles and high‐level requirements 80 TS 32.250 CS Domain Charging 81 TS 32.410 Key Performance Indicators (KPI) for UMTS and GSM 82 TS 32.450 Key Performance Indicators (KPI) for Evolved Universal Terrestrial Radio Access Network 83 TS 32.451 Key Performance Indicators (KPI) E‐UTRAN: Requirements 84 TS 32.455 Key Performance Indicators (KPI) EPC 85 TS 33.102 3G Security; Security architecture 86 TS 33.401 3GPP System Architecture Evolution (SAE); Security architecture 87 TS 33.501 Security architecture and procedures for 5G system 88 TS 34.12* UE Conformance Specifications 89 TS 36.201 LTE physical layer; General description 90 TS 36.211 Evolved Universal Terrestrial Radio Access (E‐UTRA); Physical Channels and Modulation 91 TS 36.213 Evolved Universal Terrestrial Radio Access (E‐UTRA); Physical layer procedures 92 TS 36.300 (E‐UTRAN); Overall description 93 TS 36.321 Evolved Universal Terrestrial Radio Access (E‐UTRA); Medium Access Control (MAC) protocol specification 94 TS 36.331 Evolved Universal Terrestrial Radio Access (E‐UTRA); Radio Resource Control (RRC); Protocol specification 95 TS 36.401 (E‐UTRAN); Architecture description 96 TS 36.410 S1 general aspects and principles 97 TS 36.413 Evolved Universal Terrestrial Radio Access Network (E‐UTRAN); S1 Application Protocol (S1AP) 98 TS 36.423 Evolved Universal Terrestrial Radio Access Network (E‐UTRAN); X2.application protocol (X2AP) 99 TS 36.52* Series UE Conformance Specifications 100 TS 37.324 Evolved Universal Terrestrial Radio Access (E‐UTRA) and NR; Service Data Adaptation Protocol (SDAP) specification 101 TS 37.340 NR; Multi‐connectivity; Overall description; Stage‐2 102 TS 38.101 NR; User Equipment (UE) radio transmission and reception 103 TS 38.104 NR; Base Station (BS) radio transmission and reception 104 TS 38.133 NR; Requirements for support of radio resource management 105 TS 38.201 NR; Physical layer; General description 106 TS 38.211 NR; Physical channels and modulation 107 TS 38.212 NR; Multiplexing and channel coding 108 TS 38.213 NR; Physical layer procedures for control 109 TS 38.214 NR; Physical layer procedures for data 110 TS 38.215 NR; Physical layer measurements 111 TS 38.300 NR; Overall description; Stage‐2 112 TS 38.306 User Equipment (UE) radio access capabilities 113 TS 38.321 NR; Medium Access Control (MAC) protocol specification 114 TS 38.322 NR; Radio Link Control (RLC) protocol specification 115 TS 38.323 NR; Packet Data Convergence Protocol (PDCP) specification 116 TS 38.331 NR; Radio Resource Control (RRC); Protocol specification 117 TS 38.401 NG‐RAN; Architecture description

505

506

References

118 119 120 121 122 123 124 125 126 127 128 129 130 131 132 133 134 135 136 137 138 139 140 141 142 143 144 145 146 147 148 149 150 151

TS 38.410 NG‐RAN; NG general aspects and principles TS 38.413 NG‐RAN; NG Application Protocol (NGAP) TS 38.415 NG‐RAN; PDU Session User Plane Protocol TS 38.420 NG‐RAN; Xn general aspects and principles TS 38.423 NG‐RAN; Xn Application Protocol (XnAP) TS 38.425 NG‐RAN; NR user plane protocol TS 38.50/52/53 Series UE Conformance Specifications TS 38.460 NG‐RAN; E1 general aspects and principles TS 38.470 NG‐RAN; F1 general aspects and principles TS 38.473: NG‐RAN; F1 application protocol (F1AP) TS 42.009 Security aspects TS 44.008 Mobile radio interface layer 3 specification TS 44.018 Mobile radio interface layer 3 specification; Radio Resource Control (RRC) protocol TS 44.060 General Packet Radio Service (GPRS); Mobile Station (MS) ‐ Base Station System (BSS) interface; Radio Link Control/Medium Access Control (RLC/MAC) protocol TS 44.065 Sub‐Network Dependent Convergence Protocol (SNDCP). TS 48.006 Signalling transport mechanism Specification for the Base Station System ‐ Mobile Services Switching Centre (BSS ‐ MSC) interface TS 48.008 Mobile Switching Centre ‐ Base Station System (MSC‐BSS) interface; Layer 3 specification. TS 48.016 Base Station System (BSS) ‐ Serving GPRS Support Node (SGSN) interface; Network Service TS 48.018 Base Station System (BSS) ‐ Serving GPRS Support Node (SGSN) interface; BSS GPRS Protocol (BSSGP) TS 51 Series MS Conformance Specifications 3GPP TSG RAN Meeting #82 RP‐182580 UE support for NR Beam Correspondence 3GPP TSG RAN Meeting #82 RP‐182452 Evaluation of beam correspondence as mandatory UE feature. 3GPP TSG‐RAN WG4 Meeting #89 R4‐1814656 Beam Correspondence for Rel‐15 3GPP TSG‐RAN WG1 #86 Bis R1‐1610239 On beam management in NR – procedures 3GPP TSG RAN WG1 Meeting #87 R1‐1611664 Multi‐panel‐based DL MIMO transmission 3GPP TSG RAN WG1 Meeting #87 R1‐1611665 Multi‐panel‐based UL MIMO transmission 3GPP TSG RAN WG1 Meeting #87 R1‐1611666 Codebook design for multi‐panel structured MIMO in NR 3GPP TSG RAN WG1 Meeting #88 R1‐1701691 DL Codebook design for multi‐panel structured MIMO in NR 3GPP TSG RAN WG1 Meeting #88 R1‐1701694 CSI‐RS design for beam management 3GPP TSG RAN WG1 Meeting #88 R1‐1701695 CSI‐RS design for CSI acquisition 3GPP TSG RAN WG1 Meeting #88 R1‐1701807 On Type I codebook design for NR MIMO 3GPP TSG RAN WG1 Meeting #88 R1‐1702188 On codeword to MIMO layer mapping for NR 3GPP TSG RAN WG1 Meeting #88 R1‐1702266 Aperiodic CSI Reporting for NR MIMO RP‐200349 CR to 38.300 on Integrated Access and Backhaul for NR

­Further Readings About 3GPP Meeting Discussions/Study Items/Work Items In addition to the list of references mentioned above, the reader is further recommended to go through the different study items, work items, and so on, as mentioned in [138–150] in the references section above. These study items and work items are available in the form of meeting discussions and their technical documents (TDocs) within a particular 3GPP specification group. Given a TDoc number or its title, the link to search and download it is https://portal.3gpp.org/ngppapp/TdocList.aspx. A TDoc can be also searched using the “search” option provided on the 3GPP website. A study item contains valuable information about a particular area of discussion and can be used to supplement existing or to acquire additional knowledge by a reader.

507

Index a

A‐bis interface (GSM)  6, 31 Access network  10 Access point name  81 Access stratum  39 Acknowledged mode  46 Advance features of operating system inter‐process communication  181 signals  183 timers  183 A/Gb mode (GSM/GPRS)  51 A‐interface (GSM)  6, 31 Air interface(s)  6 access stratum and non‐access stratum  291 classification of layer 3 messages  199 constructing a layer 3 message  204 control plane and user plane protocols  291 layer 2 encoding and decoding  207 layer 3 protocol header  200 bearer identity  204 5GSM PDU Session Identity  204 protocol discriminator  202 skip indicator  202 transaction identifier  204 message formats  292 piggybacking for reduction of signaling overhead  293 protocol architectures  289 protocols domains classifications  291 security protection of MM messages  205 Air interface drive test  160 Air interface investigation tool  167 Alarm(s)

APIs  139 critical alarm  135 database  139 design, components  139 major alarm  135 minor alarm  135 Alarm description for abnormal conditions  144 protocol error  142 Alarm generation for abnormal condition  145 protocol error  145 Alarm in mobile network  135 Alarms due to abnormal conditions  142 abnormal events  136 loca errors  138 protocol error  140 Alarms from 3GPP TSs  136 abnormal conditions  136 protocol layer error handling  137 Alarms management system  138 All IP network (3GPP Release 5)  17 Always on CRS  409 Application protocol  51 Application protocol identity (LTE/EPS)  75 ARQ. See Automatic Repeat Request ASN.1 abstract syntax error  211 logical error  211 transfer syntax error  211 ASN.1 encoding/decoding UMTS, LTE, NR layer 3 messages  61

Mobile Communications Systems Development: A Practical Introduction to System Understanding, Implementation, and Deployment, First Edition. Rajib Taid. © 2021 John Wiley & Sons Ltd. Published 2021 by John Wiley & Sons Ltd.

508

Index

ASN.1 encoding/decoding using packet encoding rule  56 ATM  9 asynchronous transfer mode  47 Authentication and key agreement  123 Automatic repeat request  340

b

Base station controller  5 Base station subsystem  6 Base transceiver station  5, 6 Bearer independent core network (3GPP Release 4)  17 Binding (SDF to bearer ot QoS flow)  303 BLER. See Block level error rate Block level error rate  422 Board support package  176 BSSMAP (GSM)  53 Built‐in self‐test (BIST)  177

c

Call control management  29 Call processing  148 Carrier aggregation  26, 372 CCE. See Control channel elements Cell acceptable cell  309 barred cell  309 reserved cell  309 suitable cell  309 Cell global identity  310 Cell specific reference signal (LTE)  409 Channel and transmission bandwidths channel and transmission  371 Channel quality indicator  431 Channel quality information  434 Ciphering  124 Circuit switched  5, 9, 12 Circuit switched fall back (CSFB)  18, 79, 85 CN. See Core network Components of an IE  57 Confidentially/ciphering of user and signalling data  124 Connection management  44 Control channel elements  369 Control plane or signaling protocols  36 Control/signalling plane  36 Core network  6, 10 Core network and terminals  21

Core network domain  11 Counter for performance measurment  147 CPU core  178 CQI. See Channel quality indicator CRI. See Contention resolution identity CRS. See Cell specific reference signal CS paging request  106 CS/PS coordination  105 CSI. See 5G NR channel stateinformation CSI‐RS. See 5G NR physical signals channel status information reference signal CSN.1 encoding/decoding (GPRS Layer 2)  56 CSN.1 encoding/decoding of GPRS RLC/MAC messages  60 CUPS. See Control plane and user plane separation

d

Data plane  36 Data radio bearer  298 DCI. See Downlink control information Delay critical GBR  334 Description of air interface messages in tabular form  56 Device driver development  229 Digital signal processor  176 Direct transfer  52 Direct transfer application part  52 Direct/indirect encoding of signalling messages  62 DTAP. See Direct transfer application part

e

Elementary procedures code  210 criticality of IE  211 for RAN‐CN signalling  208 initiating message  212 successful outcome  212 types and classes  210 un‐successful outcome  212 Encoding/decoding of air interface layer 3 messages  56 Encoding/decoding of air interface messages  55 Encoding/decoding of LTE and 5G NR MAC protocol PDUs  60 Encoding/decoding of LTE and 5G NR RLC protocol PDUs  60 End‐to‐end mobile network information flow  12 Enhanced data for global evolution (EDGE)  15

Index

EPS bearer identity  59 Evolutions of air interface  14 Evolutions of 3GPP networks architectures  16 Evolved (e)NodeB  8 Evolved packet core  8 Evolved packet system  9, 40 Evolved universal terrestrial radio access network  10

f

File transfer protocol (FTP)  21 5G core network control plane and user plane separation  447 network functions  453 network functions virtualizations  252 NF. See 5G core network network functions NFV. See Network functions virtualizations NG logical interface  32 NG‐AP  32, 53 NG‐user plane  32 reference points based representation  455 SBA. See Service based architecture SBI. See 5G core network service based interface service based architecture  452 service‐based interface  295 service interfaces‐based representation  455 5G core network functions access and mobility management function  453 application function  454 authentication server function  453 HTTP PUT, POST, GET, DELETE Verbs  462 network exposure function  453 network function selection  468 network repository function  453 network slice selection function  453 OAuth 2.0 Framework for SBI  467 policy control function  453 protocol stack for SBI communication  461 RESTFul API  462 services APIs  462 services framework  458 services interfaces  454 services, operations  457 session management function  453 unified data management  454 unified data repository  454 user plane function  454 virtualization  469

5G new radio control plane protocol layers  295 5G NR AS RRC layer admission control procedure  332 on demand system information  318 functions and procedures  317 RAN based notification areas  319 RNA update procedure  319 RRC INACTIVE state  319 RRC layer states  319 system information broadcast  318 UE mobility in RRC CONNECTED state  327 UE mobility in RRC IDLE state  326 UE mobility in RRC INACTIVE state  326 5G NR beam management  420 beam measurement and reporting  422 beam correspondence  421 beam determination  420 beam failure detection  422 beam failure instance  422 beam failure recovery  422 beam sweeping  420 BFI. See Beam failure instance BLER  422 candidate beam list  423 contention based RACH procedure  423 contention free RACH procedure  423 link recovery thresholds  422 P‐1, P‐2,P‐3 procedures  421 reference signals for beam management  420 5G NR channel state information  430 aperiodic CSI report  430 codebook  431 codebooks for CSI reporting  432 CRI. See CSI‐RS resource indicator CSI‐RS resource indicator  431 framework of CSI  430 layer indicator (LI)  431 parameters ‐ PMI,RI,LI,CQI,CRI,SSBRI  431 periodic CSI report  430 report configuration  430 resource configuration  431 semi‐persistent CSI report  430 single panel and multi‐panel CSI reporting  432 SS/PBCH block resource indicator  431 SSBRI. See SS block resource indicator Type‐I and Type‐II CSI codebook reporting  432

509

510

Index

5G NR channel types  357 5G NR hybrid ARQ procedure  351 HARQ‐ARQ codebook  407 5G NR logical channels broadcast control channel  358 common control channel  358 dedicated control channel  358 dedicated traffic channel  358 paging control channel  358 5G NR low latency requirements MAC layer  356 RLC layer  341 5G NR physical channels layer mapping  396 modulation  396 physical broadcast channel  391 physical downlink control channel  391 physical downlink shared channel  391 physical random‐access channel  391 physical uplink control channel  391 physical uplink shared channel  391 precoding  396 scrambling  395 5G NR physical layer bandwidth part  373 bandwidth adaptation  251, 373 bwp switching  376 configuration of BWP  375 types of BWP  374 beamforming  419 BWP. See Bandwidth part code block group  405 common resource blocks  370 control resource set  318, 369 coreset. See Control resource set coreset 0  318 CRB. See 5G NR physical layer common resource blocks downlink control information  401 DCIs formats‐ 0_0,0_1,1_0,1_1,2_0,2_1,2_2  402 downlink synchronization  414 dynamic TDD  367 effect on data throughput  445 frequency range 1  362 frequency range 2  362 interleaved allocation,non‐interleaved allocation  370

link adaptation procedure  434 modulation and coding schemes  433 NR frame, slot format  364 OFDM symbol  363 operating frequency ranges (FR) and duplexing mode  362 physical channels  390 physical downlink control channel  397 physical layer cell identity  414 physical resource block  370 physical resource block bundling  371 physical signals  409 physical uplink control channel  404 primary synchronization signal  414 principles of transmissions and directions  360 PUCCH formats‐0,1,2,3,4  404 radio link monitoring  424 radio resource management measurements (RRM)  426 reference point ‘A’  371 resource allocation Type 0  377 resource allocation Type 1  379 resource allocations in FDD and TDD  377 resource grid, resource block  368 RLM. See radio link monitoring RLM reference signals  424 RRM measurements  426 secondary synchronization signal  414 SFI. See Slot format indicator slot format indicator  367 slot formats in TDD Mode  366 SS Block (SSB)  415 subcarrier spacings/numerologies  364 synchronization signals and PBCH block  364 channel bandwidth  371 transmission/reception point  493 transport channels  384 TRP. See transmission/reception point UE transmit power control  444 uplink control information  404 virtual resource block  370 VRB. See 5G NR physical layervirtual resource block 5G NR physical signals channel status information reference signal non‐zero power CSI‐RS  413 zero power CSI‐RS  413

Index

channel status information reference signal (CSI‐RS)  413 demodulation reference signals (DMRS)  410 phase tracking reference signal (PTRS)  412 sounding reference signal  412 5G NR random access (RACH) procedure contention based RACH procedure  349 contention free RACH procedure  351 contention resolution identity  349 frequency domain resource  437 preamble formats  436 RACH occasion  437 RACH preamble  435 random access (RA)‐RNTI  347 random access response (RAR)  439 random‐access preamble identifier (RAPID)  349 time domain resource  436 transmission of a RACH preamble  347 5G NR RRM measurements framework measurement gaps  427 measurement objects  427 measurements events A1‐A6, B1‐B3  428 quantity configurations  427 reporting configurations  427 SS Block measurement time configuration window  427 5G NR RRM measurementssignals SS‐reference signal received power  426 SS‐reference signal received quality  426 SS‐signal‐to‐noise and interference ratio  426 5G NR transport channels broadcast channel  384 channel coding  384 channel decoding  385 codeword  388 downlink shared channel  384 LDPC. See low density parity check low density parity check  386 base graph matrix 1  386 base graph matrix 2  386 code rates  386 lifting size  387 paging channel  384 processing chain channel encoding with LDPC  386 code block segmentation  385

CRC calculation  385 rate matching, concatenation  387 random access channel  384 transport block  384 transport format  361 uplink shared channel  384 5G NR UE power control closed‐loop power control  444 open loop power control  444 transmit power control  444 5G NR UE scheduling procedure  344 configured scheduling  345 dynamic scheduling  344 semi‐static scheduling  345 5G NR user plane protocols  335 MAC layer  342 packet processing differences between LTE and NR  356 PDCP layer  336 reliable communication  338 split bearer  337 RLC layer  340 SDAP layer  336 5G quality of service QFI. See QoS Flow ID QoS rule identifier  305 5G system 5G core  447 control plane and user plane separation  447 core network architecture  259 core network key principles  252 deployment solutions  260 non‐standalone deployment  260 standalone deployment  260 enablers and key principles  250 enhanced protocol layers  251 E‐UTRA‐NR dual connectivity  261 flexible sub carrier spacings  251 interworking with LTE/EPS  265 native and mapped network identities  268 network architecture  254 network slices  252 network slicing  270 network slice identification  272 network slice selection assistance information  272 new radio  249 next generation radio access network (NG‐RAN)  252

511

512

Index

5G system (cont’d) NG‐RAN/gNB logical architecture  256 NR. See New radio registration area  312 security  280 security key hierarchy and authentication vectors  282 serving network name  283 software defined networking  252 subscriber identities  286 support of diverse spectrums  250 UE authentication frameworks  280 authentication and key agreement  281 EAP authentication and key agreement  281 use cases  249 enhanced mobile broadband  249 massive internet of things  249 ultra‐reliable and low latency communication  249 5G system new radio  254 5GC. See 5G core 5GS. See 5G system 5GS low level design class diagram  474 core network software architecture  479 data types used for 5GC SBI communications  479 design of NF service interface using UML  474 event‐driven vs interrupt driven packet processing  479 multicore partioning and assignments  477 NG‐RAN software architecture  476 representational state transfer API  462 runtime choices  479 service interface and its operations  473 usages of standard template library  475 5GS management and orchestration  278 information objectclass  278 network resource model  278 5GS NAS connection management  316 NAS signalling connection  316 5GS NAS MM layer common procedures  314 connection management procedures  314 mobility areas and ther identifiers  308 mobility management layer states  315 mobility management requirements  313 mobility pattern of UE  317 specific procedures  314 UE initial registration  314 UE periodic registration  315 5GS NAS SM layer

data network name  300 PDU session estabhlishment procedure  297 PDU session modification procedure  298 PDU session service continuity  299 PDU session types  298 session management layer  296 5GS NG‐RAN sharing  109 5GS quality of service 5G QoS identifier  304 5QI. See 5G QoS identifier mapping QoS flow to data radio bearer  305 PDU session  302 PDU session container  302 QoS flow  301 QoS flow ID  303 QoS flow type and parameters  303 QoS profile and QFI  303 QoS rule and QRI  305 QRI. See QoS rule identifier (5GS) service data flow  302 FR1. See Frequency range 1 FR2. See Frequency range 2 Frame relay  9, 35 Frequency division duplex  25, 360 Frequency division multiple access (FDMA)  14 FTP protocol  39

g

Gateway GPRS support node  5, 7 GBR. See Guaranteed bit rate General packet radio service network architecture  7 General protocol error handling (3GPP TS)  137 Gi interface (GPRS)  34 Global network identity  68 Globally unique temporary identity  71 GMSK  15 Gn interface (GPRS)  34, 68 gNB ‐ 5G base station  254 gNodeB. See gNB GNU tool‐chain collection  180 GPRS Gb interface  34, 35 GPRS routing area  310 GPRS tunnelling protocol  33, 112 Gs interface  105, 34 GSM air interface layer 3  50 E1 interface  26 E1 physical interface  30

Index

EDGE radio access network  21 location area  309 mobile originated call  13 network architecture  6 security procedures  126 signaling messages  14 G.703 standard  30 GTP. See GPRS tunneling protocol control plane functions  112 control plane PDU  114 echo request  143 echo response  143 G‐PDU  112 packet encapsulations at LTE/EPC  115 T‐PDU  112 tunnel identifier  112 user plane functions  113 user plane PDU  113 GTP‐control plane  33 Guaranteed bit rate  334 GUTI. See Globally unique temporary identity

h

Handover  327 Handover procedure 5GS N2 based handover  330 5GS to LTE/EPS handover  331 5GS Xn handover  329 determination of a handover requirement  327 different phases of a handover procedure  328 hard handover  328 soft handover  329 types of handover procedure  328 Hardware platform embedded system board  176 embedded system, Linux versus PC  176 multicore processor  177 multicore processor for network elements  178 multicore processor runtime choices  178 software Prog. model on multicore processor  179 HARQ. See 5G NR hybrid ARQ procedure High speed packet access (3G)  15 High‐speed downlink packet access (3G)  17 Home PLMN  309 Home subscriber system  8, 18 HSDPA (3G)  15 HSPA+(3G)  15 HSUPA (3G)  15

i

Identify and understand protocol architectures  49 IE. See Information element IE formats T,V,TV,LV,TLV,LV‐E,TLV‐E  57 IE presence requirement conditional IE  57 mandatory IE  57 optional IE  57 IEI. See Information element identifier IMS. See IP multimedia subsystem Information element  56 Information element identifier  56 Information element types  57 Initialization of a logical interface  42 Integrity protection  121 Integrity protection signalling information  124 International mobile equipment identity  68 International mobile subscriber identity  68 Internet control message protocol (ICMP)  21 Interoperations of networks LTE/EPS roaming  90 Interworking and interoperation  77 Interworking between LTE/EPS and 5G system  89 Interworking through enhanced network elements  78 Interworking through legacy network elements  88 Intra domain NAS node selector  99 IP header compression and decompression  117 IP header compression/decompression methods  118 IP multimedia subsystem  80 IP packet routing in core network  116 IP protocol analyser  161 IP transmission network  35 IP transport investigation tool  167 IP‐based network  9 Iu interface  34 Iub interface (UMTS)  34 Iu‐CS interface (UMTS)  34 Iu‐interface Iu‐CS  48 Iu‐PS interface (UMTS)  34

k

Key performance indicator  150 KPI. See Key performance indicator categories  154 components  157 for control plane  152

513

514

Index

KPI. See Key performance indicator (cont’d) for data plane  153 evaluation steps  155 for network troubleshooting and optmization  156

l

Load balancing  97 Local network identity  68 Location area identification  310 Logical channels  357 Logical interface  30 Logical link control  44 Long term evolution  18 Long term evolution network architecture  8 LTE/EPS ESM information request  59 LTE‐advanced  26

m

Mapped network identity  73 Master information block  318 MCC. See Mobile country code MCS. See Modulation and coding schemes Media access control  44 Message transfer part (GSM)  51 millimeter wave frequency bands  250 millimeter‐wave transmission/reception  419 mmWave. See Millimeter wave transmission/reception MNC. See Mobile network code Mobile country code  309 Mobile network code  309 Mobile station (MS)  5 Mobile switching centre  5, 14 Mobility management  29, 44 Mobility management entity (LTE)  8 Moble comm. system engineering air interface management  20 mobility management  19 network maintenance  20 security management  20 subscribers and services management  20 MOC. See GSM mobile originated call Modes of operation of protocol layer acknowledge mode  213 transparent mode  214 unacknowledged mode  214 Modulation order  15, 433 m‐sequence  414

M‐TMSI S‐TMSI  70 Multi‐operator core network sharing  103 Multiple antenna transmissions logical antenna ports  393 massive MIMO  419 multiple input multiple output  392 multiple input single output  392 multiuser MIMO  393 pre‐coding matrix  393 single input multiple output  392 single input single output  392 single user MIMO  393 spatial multiplexing  392 transmissions layers  394 Multiple data link layers  47 Multiple physical layer interfaces  47

n

NAS node load balancing method weighted round‐robin  99 NAS node selection function  99 NAS transport  52 Native network identity  73 Network architecture  10 Network domains  11 Network element  5 Network element development advance features of operating system  181 advanced data structures  180 affect on application’s performance  180 software development kit  179 standard template library  180 usages of software simulators  184 Network elements identities  67 Network performance and optimizations managementsystem  149 Network resource identifier  69, 99 Network service data units (GPRS)  36 Network sharing  102 Network switching subsystem  6 Network troubleshooting air interface issues  159 application throughput issue  161 conformance testing issues  162 importance of logs  166 interoperability testing issues  164

Index

interworking issues  165 IP based logical interface issues  160 steps  167 New data bit indicator  409 Next generation radio access network (5G NG‐RAN)  10 NG‐RAN. See 5G system next generation radio access network N1 mode (5GS)  51 Non‐access stratum  39, 41 Non‐guaranteed bit rate  334 NRI. See Network resource identifier

o

Original equipment manufacturer (OEM)  21 Orthogonal frequency division multiple access (OFDMA)  14 Orthogonal frequency division multiplexing  363

p

Packet control unit (PCU)  7 Packet data convergence protocol  37, 44 Packet data network  18 Packet data network gateway (PGW)  18 Packet detection rule  303 Packet encapsulations over air interface  115 Packet switched  5, 9, 12 Packet temporary mobile subscriber identity  69 Packets encapsulations between CN and RAN  112 PDCCH. See Physical downlink downlink control channel PDCCH search space  399 PDU session ID (5G)  59 Permanent network identities  68 Physical cell identity  72 Physical channels  357 Physical interface  30 Piggybacking of signalling message  63 Plug‐in unit (PIU)  176 PMI. See Precoding matrix indicator Policy and charging enforcement function  303 Policy control and charging  302 Port mirroring  161 Power‐on self‐test (POST)  177 PRB. See 5G NR physical layer resource block Precoding matrix indicator  431

Primary synchronization signal  71 Procedure transaction identity  59 Proprietary tool for testing  167 Protocol peer to peer communication  195 layer to layer communication  195 Protocol conversion  44 Protocol data unit  30 Protocol discriminator  65 Protocol interface  29 Protocol layer architecture  192 cause values  193 context information  227 control and configuration  226 counter  217 data and its type  225 development guidelines  230 development using message passing  224 development using state machine  222 error handling, alarm  192 formats of protocol data unit  198 message padding  228 PDUs, definitions, IEs, formats  192 protocol data unit  197 services  193 service access points  195 service access point identifier  196 service data unit  197 service primitives  195 structured procedures, functions  192 termination  43 testing and validation  231 timer  216 timer handling  219 types of protocol data unit control PDU  198 data PDU  198 variables,counters, timers, constants  192 Protocol stack  32 Protocol sub‐layers  43 Pseudo‐random sequence generator  395 PSTN  36 P‐TMSI. See Packet temporary mobile subscriber identity Public land mobile network  68, 308 Public switched telephone network (PSTN)  6

515

516

Index

q

Quadrature Amplitude Modulation (QAM)  15 Quadrature Phase Shift Keying (QPSK)  15

R

Radio access network  21 Radio link control  44 Radio link monitoring in‐synchronization  424 out of synchronization  424 Radio network controller  7 Radio network layer  46 Radio network subsystem  7 Radio network temporary identifier  70, 72 Radio resource control  37 Radio resource control layer  317 Radio resource management  30, 50 Radio wave  31 RAN. See Radio Access network RANAP (UMTS)  37, 53 RAR. See Random access response Real‐time operating system (RTOS)  176 Real‐time transport protocol  81 Release 99 1st Release of UMTS  16 RI. rank indicator,394 RNTI. See Radio network temporary identifier Roaming management  30 Robust header compression  337 ROHC. See Robust header compression Routing area  310 Routing area identification  310 RTP control protocol  81

s

S1‐AP (LTE/EPS)  32, 53 Secondary synchronization signal  71 Segmented signalling messages  63 Separate transport protocol in IP  47 Service and systems aspects  21 Service data adaptation protocol (5G NR)  44 Service DATA FLOW  303 Serving gateway  8 Serving GPRS support node  5, 36 Session initiation protocol  81 Session management  29, 44 SGi  34

SGi interface (LTE/EPS)  34 SGs interface (LTE/EPS)  34 Signaling message,36  55 Signaling radio bearer  320 Signalling connection control part (GSM)  63 Signalling messages between RAN and CN  64 Single carrier frequency division multiple access (SC‐FDMA)  14 Single radio voice call continuity  79, 83 S1 interface  51 S5 interface (LTE/EPS)  34 SIP. See Session initiation protocol S1 logical interface (LTE/EPS)  32 S1 mode (LTE/EPS)  51 Software architecture  186 availability  188 bad programming practices  185 development life cycle  173 design  173 implementation  173 integration and testing  173 operation and maintenance  173 requirements  173 example GSM RRM and its object model  187 incorrect usages of library  185 incorrect usages of system resources  185 organization  186 profiling for performance improvement  231 reliability  188 root causes analysis and debugging  185 scalability  188 static code analysis  186 system requirements analysis  188 Stand‐alone non‐public network (5GS SNPN)  109 STATUS PDU (Protocol Error Reporting)  138 Steps for network troubleshooting air interface related issues  168 data throughput issues  168 device driver, time synchronisation related issues  170 3GPP interworking, features, roaming related issues  169 handover related issues  168 low KPI issues  169 multiple users, cell or network outages issues  169

Index

signaling related issues  168 single user call/traffic related Issues  167 Stratum  39 Stream control transmission protocol  33, 37 Subnetwork dependent convergence protocol (GPRS)  115 Sub‐network service protocol (GPRS)  36 Subscriber identity authentication  121, 123 Subscriber identity confidentiality  121, 123 Subscriber information confidentiality  121 S1‐user plane (LTE)  32 Sv interface (LTE/EPS)  34 Synchronization signal based reference signal received power  422 System architecture evolution (LTE)  18 System frame number  318 System information block  318 difference between LTE and NR  318

t

TCP/IP protocol  21 Technical report  22 Technical specification  22 Temporary logical link identity  70 Temporary mobile subscriber identity  69 Temporary network identities  69 3GPP. See 3rd generation partnership project 3GPP change requests  26 3GPP meeting discussions/study items/work items  506 3GPP meetings technical documents (TDocs)  26 3GPP Project Co‐ordination Group  22 3GPP releases release 4  26 release 5  26 release 6  26 release 7  2 release 8/9  26 release 10  26 release 15  26 release 99  26 3GPP release 16 enhancements architectural enhancement for V2X  493 MIMO enhancement  493 network slice enhancement  494 physical layer enhancement  493 service‐based architecture enhancement  494 URLLC enhancement  493

voice call continuity from 5G to UTRAN  494 3GPP release 16 features enhanced UE mobility  495 ethernet transport services  495 industrial internet of things  495 integrated access and Backhaul  496 LAN type services  495 non‐public networks  495 NR operations in unlicensed spectrum  495 2‐Steps RACH procedure  495 UE positioning services  496 positioning reference signal  496 vehicle to everything (V2X)  493 3GPP release specific changes implementation  218 3GPP specification series  23 3GPP system deriving requirements specifications  235 feature and high‐level design  244 feature development requirements and impacts  238 impacts of interworking  242 impacts of RAN sharing feature  239 3GPP technical specification components  192 different stages  22 drafting rules  25 release number  22 series number  23 version number  24 3rd Generation partnership project association of radio industries and businesses (ARIB)  21 alliance for telecommunications industry solutions (ATIS)  21 china communications standards association (CCSA)  21 european telecommunications standards institute (ETSI)  21 telecommunications standards development society, india (TSDSI)  21 telecommunications technology association (TTA)  21 telecommunication technology committee (TTC)  21 www.3gpp.org  21 time division duplex  25, 360 time division multiple access (TDMA)  14 TLLI. See Temporary logical link identity TMSI. See Temporary mobile subscriber identity TR. See Technical report

517

518

Index

Tracking area  310 Tracking area identification  310 Tracking area list  312 Transmission time interval  95, 230, 251, 433 Transparent mode  46 Transport block  150, 384 Transport block size  433, 434 Transport channels  357 Transport network layer  46 Troubleshooting protocol error with the alarm data  146 TS. See Technical specification TS description by interface name  51

u

UE buffer status reporting  352 UE dual registration mode  89 UE identity mapping  74 UE mode of operation  92 UE scheduling request  353 UE security contexts  123, 130 UE security interworking  130 UE single registration mode  89 Um interface (GSM)  14 UMTS, LTE and 5G security procedures  127

Unacknowledged mode  46 Universal mobile telecommunications system network architecture  7 Universal terrestrial radio access network  10 Usages of network identities  73 Usages of software simulators for bug fixing  184 for system capacity, performance and load testing  184 User data packets encapsulations  111 User equipment (UE)  7 User plane  36 User plane protocols  38 Uu interface (UMTS, LTE, 5G)  14

v

Visited PLMN  309 Voice over VoLTE  79

w

Wideband code division multiple access (WCDMA)  14

z

Zadoff‐chu sequences  71, 391, 435

WILEY END USER LICENSE AGREEMENT Go to www.wiley.com/go/eula to access Wiley’s ebook EULA.